Versions Compared

Old Version 2

changes.mady.by.user Qvalent Quickstream

Saved on

compared with

New Version Current

changes.mady.by.user Sean James

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
outlinetrue

...

If you are unsure, upgrade to the latest update updated version of Java.

If upgrading Java is not an option, and/or you wish to perform further validation, you can check that your server's version of Java has the new Root CA as follows.

...

keytool -list -keystore <PATH_TO_CACERTS> -storepass changeit -alias entrustrootcag2

If a certificate is listed, no action is required from you for this particular application environment.

Otherwise, if the error 'Alias <entrustrootcag2> does not exis't is displayed, you need to install the new certificate as follows

  1. Run the following command: bin\keytool -import -keystore <PATH_TO_CACERTS> -storepass changeit -alias entrustrootcag2 -file <PATH_TO_ENTRUST_ROOT_CA_G2_FILE>
  2. Type yes and press Enter
  3. Run the following command to verify the certificate was successfully added

...

Note: For this change to come into effect, you may need to restart your application server and/or any middleware software.

You may need to consult your software developer or systems administrator to resolve this issue.

Microsoft .NET Application

...

  1. Download the Entrust Root CA certificate and save it to your server with a .cer file extension.
  2. In the MMC window, right-click the Certificates folder under Trusted Root Certification Authorities and select All Tasks -> Import...
  3. In the Certificate Import Wizard, press Next
  4. Enter the file name of the CA certificate you just downloaded and press Next.
  5. Press Next again.
  6. Press Finish.
  7. Using the check steps above, validate that the certificate is now listed under Trusted Root Certification Authorities

...

Other Application Technologies

The steps you need to perform will vary dramatically depending on your underlying technology and/or operating system. If your underlying technology is Java or .NET, you can use the generic steps above.

Otherwise, you need to determine the appropriate steps to check that your system trusts Entrust's new Root CA. In order to do this, you may need to consult your software developer or systems administrator to resolve this issue.


Common Issues

My application is producing SSL/TLS errors post this change

...

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

...

These guidelines are general in nature and have been prepared without knowledge of the specific environment in which your systems operate. These guidelines are current at the time of writing , but may require update updates over time. Except where contrary to law, Westpac intends by this notice, to exclude liability for these guidelines and the information contained in them. While Westpac has made every effort to ensure these guidelines are free from error, Westpac does not warrant their accuracy, adequacy or completeness.