Issue
The error listed below is displayed in the web browser when trying to access the Admin Home | Services and Components | ConnectKey for DocuShare.
An error occurred. Please check the Server Log for the cause of the error.
The ConnectKey log(\tomcat\webapps\connectkey\logs\ServerLog.txt) shows this error when its missing the SSL certificate:
2014-06-12 11:33:09,092 INFO (EIPAdmin.java:48): Init...
2014-06-12 11:33:09,474 ERROR (ConfigureDevices.java:57): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2014-06-12 11:33:09,475 ERROR (EIPAdmin.java:122): javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Reason / Possible Cause
SSL /HTTPS connections require that the DocuShare site imports the web servers SSL certificate into the DSTrustStore.
Note: This typically is not required when using the web browser to access DocuShare using https but since ConnectKeyâ„¢ for DocuShare is a separate web application (webapp) it is required.
Solution
1. Export the SSL Certificate.
To export the SSL certificate:
a. Select Start | Run and type MMC and click the OK button. The MMC Console window displays.
b. Select File | Add/Remove Snap-in. The Add or Remove Snap-ins window displays.
c. In the Available snap-ins pane highlight Certificates and click Add. The Certificates snap-in window displays.
d. Select Computer account and then click Next button.
e. Click the Finish button.
f. From the Add or Remove Snap-ins window click the OK button.
g. From the MMC Console window, select Certificates (local computer) | Personal Folder.
h. Right-click the Certificate, highlight All Tasks and then click Export. The Export File Format window displays.
i. Select Base-64 encoded X.509 (.CER).
j. Enter in the File name field, the directory path to a location on your drive where you want to export the certificate.
k. Enter in the File name field, behind the directory path, a file name for the certificate with the extension .cer.
Example:
C:\SSL_Cert.cer
l. Click Next and complete the certificate export wizard.
2. Place the certificate into the DSTrustStore.
To place the certificate into the DSTrustStore:
Once the certificates have been saved, it must be placed in the DSTrustStore.
To place the certificate .cer file into the DSTrustStore:
a. Open Windows Explorer and locate the .cer file you exported using the Certificate Export Wizard.
b. Copy the .cer file and paste into the directory containing the DSTrustStore file.
Example:
\jdk1.6.0\jre\lib\security
Where is replaced with the installation directory for DocuShare. Depending on your installation environment the path may vary. The default installation path during install is C:\Xerox\Docushare.
c. Open a command prompt window and navigate to the directory containing dstruststore.
Example:
cd Xerox\Docushare\jdk1.6.0\jre\lib\security
d. At the command prompt, enter the set PATH command to set the PATH environment variable. Use set PATH=%PATH%;\jdk1.6.0\jre\bin.
Example:
set PATH=%PATH%;C:\Xerox\Docushare\jdk1.6.0\jre\bin
e. After you have set the PATH variable, at the command prompt,
type keytool -import –alias -file -keystore dstruststore and press Enter.
Note: The Keytool utility places SSL certificate in the DSTrustStore.
Replace with a unique name for the certificate file.
Replace with the name of the certificate file (.cer) that you exported and copied to the directory containing the dstruststore file.
Note: A request for a password may appear. Enter password and press Enter.
When the Trust this certificate? [no]: prompt is displayed type yes and press Enter.
Example:
C:\Xerox\Docushare\jdk1.6.0\jre\lib\securitykeytool -import -alias dscert -file SSL_Cert.cer –keystore dstruststore
Enter keystore password: dstruststore
Owner: DevSrv…