SSL issues connecting to Load Balancer/Exchange Server

Symptom

Stacktrace in ontigms.0.0.log containing something like “PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”

Fix

Import Root and intermediate certificates into the Java keystore used for on OnTime for Microsoft solution.

  1. Backup the current ‘cacerts’ file – C:\Program Files\IntraVision\OnTimeMS-x.x\jdk\lib\security\cacerts
  2. Export the root certificate – if required, any intermediate certificates by using copy to file for each using PEM/CER (Base64 encoded) format. This may be done using a web browser. Here we are using *.cer.
  3. Copy the *.cer files to C:\Program Files\IntraVision\OnTimeMS-x.x\jdk\lib\security\
  4. Using password “changeit” (unless manually changed) install the root certificate
    ..\..\..\bin\keytool -import -trustcacerts -alias root -file root.cer -keystore cacertsUsing password “changeit” (unless manually changed) install the intermediate certificates
    ..\..\..\bin\keytool -import -trustcacerts -alias intermediateXX -file intermediateXX.cer -keystore cacerts

Restart OnTime for Microsoft.

SSL issues connecting to Load Balancer/Exchange Server

Location:
Date:
Time: