This post applies to Alfresco 4. When we install Alfresco and start it, it shows error in catalina.out as shown below.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1699)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
...
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:289)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:263)
Alfresco ships with certificates which are already created, but when you install it has already reached expiration limit.
So below steps will help you to regenerate SSL certificate for Alfresco.
1. First download script to generate SSL certificate from here.
2. Keep this file in alfresco-4.0.1/alf_data/keystore folder.
3. Make it executable using below command.
chmod a+x generate_keystores.sh
4. You may need to change "ALFRESCO_HOME" and other parameters in that script based on your alfresco directory structure.
5. Now run that script file using below command.
sh generate_keystores.sh
Once you run that script, it will restart Alfresco then will ask you to provide details to generate new SSL certificate. Once done with certificate creation, you can start alfresco with valid certificate.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1699)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
...
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:289)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:263)
Alfresco ships with certificates which are already created, but when you install it has already reached expiration limit.
So below steps will help you to regenerate SSL certificate for Alfresco.
1. First download script to generate SSL certificate from here.
2. Keep this file in alfresco-4.0.1/alf_data/keystore folder.
3. Make it executable using below command.
chmod a+x generate_keystores.sh
4. You may need to change "ALFRESCO_HOME" and other parameters in that script based on your alfresco directory structure.
5. Now run that script file using below command.
sh generate_keystores.sh
Once you run that script, it will restart Alfresco then will ask you to provide details to generate new SSL certificate. Once done with certificate creation, you can start alfresco with valid certificate.
No comments:
Post a Comment