Launching Live Health with Java 1.7u40 and later causes security errors and the Live apps fail to start


Article ID: 48575


Updated On:


CA eHealth



Starting with Java/JRE 7u40, Java requires the application (the jar file executed via jnlp) to be signed by a certificate with a minimum public key size of 1024 bits.

At this time the Live Health jnlps are signed with a certificate of less than 1024 bits (we use 512 bits), causing a security validation failure.


The minimum public key size is the default value specified in Java/JRE's file. It can be edited to allow a higher or lower required public key size.

The file is located in your client machine's Java/JRE installed directory (jre/lib/security/ If you have previously installed various versions of JRE, open the Java control panel and click on the Java tab. Click on the View button to see the path of the JRE version that is configured with your Internet Explorer (IE) or Firefox.

In JRE 7u40 the by default has this setting:

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

Changing the value 1024 to 256 solves the issue in eHealth Live clients (as they are currently signed by a certificate with a 512-bit key). This change in has to be done by a user with the administrator role, and java must be restarted in order for changes to take effect.


Component: EHLH