Launching Live Health with Java 1.7u40 and later causes security errors and the Live apps fail to start

book

Article ID: 48575

calendar_today

Updated On:

Products

CA eHealth

Issue/Introduction

Description:

Starting with Java/JRE 7u40, Java requires the application (the jar file executed via jnlp) to be signed by a certificate with a minimum public key size of 1024 bits.

At this time the Live Health jnlps are signed with a certificate of less than 1024 bits (we use 512 bits), causing a security validation failure.

Solution:

The minimum public key size is the default value specified in Java/JRE's java.security file. It can be edited to allow a higher or lower required public key size.

The java.security file is located in your client machine's Java/JRE installed directory (jre/lib/security/java.security). If you have previously installed various versions of JRE, open the Java control panel and click on the Java tab. Click on the View button to see the path of the JRE version that is configured with your Internet Explorer (IE) or Firefox.

In JRE 7u40 the java.security by default has this setting:

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

Changing the value 1024 to 256 solves the issue in eHealth Live clients (as they are currently signed by a certificate with a 512-bit key). This change in java.security has to be done by a user with the administrator role, and java must be restarted in order for changes to take effect.

Environment

Release:
Component: EHLH