• Home
  • Support
  • OnTime for Microsoft
  • FAQ
  • Administration
  • Unable to connect to Load Balancer/Exchange Server using self-signed certificate

Unable to connect to Load Balancer/Exchange Server using self-signed certificate

Symptom

Stacktrace in ontigms.0.0.log containing something like
"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

Fix

Import Root and intermediate certificates into the Java keystore used for on OnTime for Microsoft solution. The below example is based on OnTime for Microsoft v. 1.1.0.6 but the solution is the same for other releases although the paths below will have to be modified slightly depending on the version deployed.

  1. Backup C:\Program Files\IntraVision\OnTimeMS-1.1.0.6\otd-jdk1.8.0_25\jre\lib\security\cacerts
  2. Export the root and any intermediate certificates by using copy to file for each using PEM/CER (Base64  encoded) format. This may be done using a web browser. Here we are using *.cer.
  3. Copy the *.cer files to C:\Program Files\IntraVision\OnTimeMS-1.1.0.6\otd-jdk1.8.0_25\jre\lib\security\
  4. Using password "changeit" (unless manually changed) install the root certificate 
    ..\..\..\bin\keytool -import -trustcacerts -alias root -file root.cer -keystore cacerts
    Using password "changeit" (unless manually changed) install the intermediate certificates
    ..\..\..\bin\keytool -import -trustcacerts -alias intermediateXX -file intermediateXX.cer -keystore cacerts

Restart OnTime for Microsoft.

Friday, 18 December 2015 Posted in Administration