"Failed to validate certificate" error on launching Live Health

book

Article ID: 39782

calendar_today

Updated On:

Products

EHEALTH CA eHealth

Issue/Introduction

Problem:
 
Unable to launch Live Health applications with "Failed to validate certificate, The application will not be executed." error.
Failed to validate certificate,
The application will not be executed.
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: algorithm constraints check failed
at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
 
 
Environment:
 
Microsoft Windows 7 and Windows 2008 Server with Java 1.7u40 and later
eHealth version 6.3.0 and above.
 
 
Cause:
 
Starting with Java/JRE 7u40, Java requires the application (the jar file executed via jnlp) to be signed by a certificate with a minimum public key size of 1024 bits. 
At this time the Live Health jnlps are signed with a certificate of less than 1024 bits (we use 512 bits), causing a security validation failure.
 
 
Resolution:
 
The minimum public key size is the default value specified in Java/JRE's java.security file. It can be edited to allow a higher or lower required public key size. 
The java.security file is located in your client machine's Java/JRE installed directory (jre/lib/security/java.security). If you have previously installed various versions of JRE, open the Java control panel and click on the Java tab. Click on the View button to see the path of the JRE version that is configured with your Internet Explorer (IE) or Firefox. 
 
In JRE 7u40 the java.security by default has this setting: 
 
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 
 
Changing the value 1024 to 256 solves the issue in eHealth Live clients (as they are currently signed by a certificate with a 512-bit key). This change in java.security has to be done by a user with the administrator role, and java must be restarted in order for changes to take effect. 
 

Environment

Release: LHDEVC99000-6.3-eHealth-Live Health Upgrade Elements
Component: