Version 2

     

    Summary

    Chrome and other browsers are now phasing out SSL certificates that are implemented using the weak SHA-1 hash. Certificate authorities like GoDaddy are also phasing out SHA-1 in favor of SHA-2 - Because of this change, you may run into missing certificate issues if your On-Premise Jive instance is running an older version of Java and attempts to connect to a service using one of these newer certificates issued by GoDaddy.

     

    To fix this issue, you will need to manually import a newer GoDaddy server certificate into your Jive server's Java keystore

     

    What does the issue look like?

    The symptom of the issue is that you will see the following error in your Jive server logs when your application attempts to connect to an external service that uses a certificate not found in your Java keystore:

     

    ...

    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)

      at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)

      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)

      ... 19 more

     

    You can also verify that you're seeing this particular issue by going into your Jive site and navigating to Admin Console: System > Settings > Client Certificates and then pasting in your remote service's URL into the Enter a URL to test field and clicking the Test Connectivity button.

     

    You should see a specific error message that reads SunCertPathBuilderException: unable to find valid certification path to requested target

     

    1.png

     

    Who is affected by this issue?

    If you are running Jive 7 or older On-Premise, you will need to follow the instructions below to manually add the GoDaddy certificate to your Java keystore.

     

    This issue will be automatically addressed for all Hosted and Cloud Jive customers. If you are Hosted or Cloud there is no action for you to take. Jive Hosting will be addressing this issue automatically.

     

    How do I install the GoDaddy intermediary certificate?

    Certification install steps:

    • Download the attached godaddy_patch.zip file
    • Extract the zip to reveal two files: do_patch.sh & gdroot-g2_cross.crt
    • Ensure the script is executable: chmod +x do_patch.sh
    • Run the do_patch.sh script
    • Restart Jive

     

    If you run into any issues with the script or your certificates please open a new Jive support case.

     

    Related Materials

    Adding GoDaddy Intermediate Certificates to Java JDK | Blog by Dave Rose

    GoDaddy's SSL Certs Don't Work in Java – The Right Solution