Chrome and other browsers are now phasing out SSL certificates that are implemented using the weak SHA-1 hash. Certificate authorities like GoDaddy are also phasing out SHA-1 in favor of SHA-2 - Because of this change, you may run into missing certificate issues if your On-Premise Jive instance is running an older version of Java and attempts to connect to a service using one of these newer certificates issued by GoDaddy.
To fix this issue, you will need to manually import a newer GoDaddy server certificate into your Jive server's Java keystore
What does the issue look like?
The symptom of the issue is that you will see the following error in your Jive server logs when your application attempts to connect to an external service that uses a certificate not found in your Java keystore:
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
... 19 more
You can also verify that you're seeing this particular issue by going into your Jive site and navigating to Admin Console: System > Settings > Client Certificates and then pasting in your remote service's URL into the Enter a URL to test field and clicking the Test Connectivity button.
You should see a specific error message that reads SunCertPathBuilderException: unable to find valid certification path to requested target
Who is affected by this issue?
If you are running Jive 7 or older On-Premise, you will need to follow the instructions below to manually add the GoDaddy certificate to your Java keystore.
This issue will be automatically addressed for all Hosted and Cloud Jive customers. If you are Hosted or Cloud there is no action for you to take. Jive Hosting will be addressing this issue automatically.
How do I install the GoDaddy intermediary certificate?
Certification install steps:
- Download the attached godaddy_patch.zip file
- Extract the zip to reveal two files: do_patch.sh & gdroot-g2_cross.crt
- Ensure the script is executable: chmod +x do_patch.sh
- Run the do_patch.sh script
- Restart Jive
If you run into any issues with the script or your certificates please open a new Jive support case.