Additional configuration required for SSL-enabled CMIS compliant content management repositories such as Documentum, LiveLink, and FileNet

Article ID: 100015089

Description

Error Message

The server log file shows the SSLHandshakeException exception.

Cause

A valid Root Certificate Authority (CA) certificate is not installed in the JRE's default keystore. When the host's certificate does not have a valid trust chain, that is, when a certificate signed by a private CA or a self-signed certificate is used, the connection to the specified CMIS repository fails.

Resolution

If a certificate signed by a private CA or a self-signed certificate is used, you will need to import the host's Root CA certificate into the JRE's default keystore. It is recommended to contact your CA for a valid Root CA certificate.

The hostname used in the CMIS repository URL should be the same as the Common Name (CN) specified in the certificate. For example, if the certificate has the CN “testserver.com”, then the URL should look like https://testserver.com:/url. Make sure that the hostname is resolvable from the eDiscovery Platform appliance.

The following are example procedures for your reference only. You must consult your own IT department before you perform the steps that fit your environment.

To import the root certificate 

1. Go to the JDK directory.

cd C:\jdk-7u51-windows-x64\jre\lib\security 

2. Run the keytool command.

> c:\jdk-7u51-windows-x64\bin\keytool.exe -import -trustcacerts -alias CMISRootCA -file c:\temp\CMIS_rootCA_cert.crt -keystore cacerts 

where c:\temp\CMIS_rootCA_cert.crt is the file path of your Root CA certificate.

3. Enter the keystore password. 
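
The root-certificate import above, wrapped in pre-import and post-import checks, as an added PowerShell example that is not part of the original article. It uses the article's example paths, alias and hostname; `$ExpectedThumbprint` is a placeholder for the SHA-1 thumbprint you obtain from your CA out of band, and the self-issued check applies to the root certificate only, not to an intermediate.

```powershell
# Added example. Paths, alias and hostname are the article's example values.
$JdkHome  = 'C:\jdk-7u51-windows-x64'
$Keytool  = Join-Path $JdkHome 'bin\keytool.exe'
$CaCerts  = Join-Path $JdkHome 'jre\lib\security\cacerts'
$CertFile = 'C:\temp\CMIS_rootCA_cert.crt'
$Alias    = 'CMISRootCA'
$CmisHost = 'testserver.com'   # hostname from the CMIS repository URL
# Placeholder (assumption): SHA-1 thumbprint supplied by your CA out of band.
$ExpectedThumbprint = '<THUMBPRINT-FROM-YOUR-CA>'
$ErrorActionPreference = 'Stop'

# 1. The hostname in the URL must resolve from this machine (throws if it does not).
[System.Net.Dns]::GetHostAddresses($CmisHost) | ForEach-Object { "Resolved $CmisHost -> $_" }

# 2. Inspect the file before it becomes a trust anchor for every TLS
#    connection this JRE makes.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertFile
"Subject   : $($cert.Subject)"
"Issuer    : $($cert.Issuer)"
"Valid     : $($cert.NotBefore) to $($cert.NotAfter)"
"Thumbprint: $($cert.Thumbprint)"

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw 'Certificate is outside its validity period.'
}
if ($cert.Subject -ne $cert.Issuer) {
    throw 'Subject and Issuer differ: this file is not a root (self-issued) certificate.'
}
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if (-not ($bc -and $bc.CertificateAuthority)) {
    Write-Warning 'No CA=true basic constraint; expected only for a self-signed host certificate.'
}
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw 'Thumbprint does not match the value supplied by the CA; do not import.'
}

# 3. Keep a copy of the keystore so the change can be rolled back.
Copy-Item $CaCerts "$CaCerts.bak-$(Get-Date -Format yyyyMMddHHmmss)"

# 4. Import (same command as step 2 above; keytool prompts for the password).
& $Keytool -import -trustcacerts -alias $Alias -file $CertFile -keystore $CaCerts
if ($LASTEXITCODE -ne 0) { throw "keytool import failed with exit code $LASTEXITCODE" }

# 5. Confirm the entry is present and compare its fingerprint with step 2.
& $Keytool -list -v -alias $Alias -keystore $CaCerts
```

The application's JVM reads the keystore at startup, so restart it after a successful import before retrying the connection.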


(If applicable) To import the intermediate certificate

1. Go to the JDK directory.

cd C:\jdk-7u51-windows-x64\jre\lib\security

2. Run the keytool command.

> c:\jdk-7u51-windows-x64\bin\keytool.exe -import -trustcacerts -alias CMISIntermediateCA -file c:\temp\CMIS_intermediateCA_cert.crt -keystore cacerts

where c:\temp\CMIS_intermediateCA_cert.crt is the file path of your intermediate certificate.

3. Enter the keystore password.

 

 

Issue/Introduction

While creating a source for CMIS-compliant Documentum, Livelink, and FileNet data sources, the Fetch Repositories functionality doesn’t work due to errors in connection to the CMIS repository. The server log file shows the SSLHandshakeException exception.

Additional Information

JIRA: ESA-41350