SDL LiveContent Reach: Updating certs in cacerts due to JRE/JDK deleted on update/upgrade/reboot of server.

« Go Back

Information

Article Type	Solution Article

Scope/Environment	SDL LiveContent Reach

Symptoms/Context

If the cacerts file has been removed from a java update the cacerts file will need to be re-created.

Resolution

Edit Tomcat Reach\bin\tomcatw.exe to point to the new version of Tomcat
Restart Tomcat and check https://<servername>.global.sdl.corp:8443/
Extract/copy the root certificate (CER) to C:\temp
Ensure you have ALL CERTS in the certificate chain.
Validate configured Java Path in Tomcat (see above)
Run following command

Copy %JAVA_HOME%\jre\lib\security\cacerts %JAVA_HOME%\jre\lib\security\cacerts.backup
"%JAVA_HOME%"\bin\keytool -import -trustcacerts -alias SDLCorpCA -file C:\temp\<CERTNAMME>.cer -keystore "%JAVA_HOME%"\lib\security\cacerts -storepass changeit

Check if it is imported:

"%JAVA_HOME%"\jre\bin\keytool -list-keystore "%JAVA_HOME%"\jre\lib\security\cacerts -storepass changeit |find "sdl"

Repeat for any other certs in the certificate chain
Restart Tomcat

Root Cause

Updates or reboots can remove the JRE.

Reference

Also see:
Troubleshooting Relying parties and Certificate issues

Attachment 1

Attachment 2

Attachment 3

Attachment 4

Attachment 5