Certificate issue

Hi,

I get the error below when I try to sync Openremote designer with my controller. Is the problem on my side or on the other end?

Downloading account configuration failed : sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: No issuer certificate for certificate in certification path found.

I have attached a log from my Openremote console.

/Nils

Same problem here, I think they have to add a new certificate.

same here

The server certificate was about to expire and was updated yesterday with a valid certificate.

If you have issues on the client side, you might need to import the certificate in the trust store.

keytool -keystore cacerts -import -trustcacerts -alias designer -file xxx.crt

xxx.crt being the certificate file you can download from the server

cacerts location will be dependent on your Java installation.

If anyone is having problems with this as well, here is what I have done to resolve the certificate issue on my Windows installation. Another way may be to upgrade to a later Java version, since that may come with updated root certs. However, I did not want to change anything that works for the moment.

You need to download the root certificate “DigiCert Global Root G2” and intermediate certificate “RapidSSL TLS RSA CA G1” from https://knowledge.digicert.com/generalinformation/INFO1548.html. I also attach the certificates here if you prefer that instead of downloading.

Your Java path folder may differ from mine, so you must replace the path to the cacerts file in the lines below. In my example I put the downloaded root files in C:\Install. It could be a good idea to make a backup copy of the file “C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\cacerts” before you proceed.

From a command prompt, navigate to the bin folder of your JDK, “C:\Program Files\Java\jdk1.8.0_66\jre\bin” on my installation.

Run the commands below. You will get prompted to enter the keystore password; this is by default “changeit”.

keytool -keystore "C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\cacerts" -import -trustcacerts -alias Root -file C:\Install\RapidRoot.crt

keytool -keystore "C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\cacerts" -import -trustcacerts -alias intermediate -file C:\Install\RapidIntermedia.crt

After this you must restart your local Openremote service.

Hi Eric,

Could you tell me the location of this certificate? I cannot find it on openremote.io, or am I looking in the wrong way?

Hello,

I tried this post:

https://groups.google.com/forum/#!searchin/openremotecommunity/certificate%7Csort:date/openremotecommunity/lkAYO2KX7wc/GesyXT7wAAAJ

The importing works and I've also put it in the Java home dir, but still no luck with syncing…

This worked for me:
keytool -keystore /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/cacerts -import -trustcacerts -alias designer_selfsigned1 -file openremote.crt

To centralize everything into a single place, and prevent you from having to download a file from an unknown user on the internet, here are the directions (works for me on a Raspberry Pi):

The server is using a self-signed certificate. Download a copy from the server by using this command:

openssl s_client -showcerts -connect designer.openremote.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > openremote.crt

Now you need to import the certificate using root permissions (sudo):

keytool -keystore /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/cacerts -import -trustcacerts -alias designer_selfsigned1 -file openremote.crt

If the process requests a keystore password, enter it now. Note, if you have never set a keystore password before, use this default one:

changeit

Now restart the machine (if you can't do this, you can find a different syncing method using Google):

shutdown -r now
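
A certificate fetched with `openssl s_client` as in the post above can be compared against a fingerprint obtained through a separate channel before it goes into `cacerts`. The script below is an added example, not part of the original thread: the function names, the pin argument and the throwaway `demo.invalid` certificate are assumptions for illustration, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example: checks to run on a downloaded certificate before `keytool -import`.
# Assumes the openssl CLI is installed; the pin is a value you obtain out of band.

# SHA-256 fingerprint of a PEM certificate as lowercase hex without colons.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Succeeds only if the file's fingerprint equals the expected pin
# (colons, spaces and letter case in the pin are ignored).
cert_matches_pin() {
    actual=$(cert_fingerprint "$1")
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Succeeds if subject and issuer hash to the same name: no CA vouches for the
# certificate, so the fingerprint comparison is the only evidence of identity.
cert_is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Succeeds if the certificate is still valid $2 seconds from now (default 0).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Gate for the import step: returns 0 only when the pin matches and the
# certificate has not expired; prints what it found either way.
check_before_import() {
    cert_is_self_signed "$1" && echo "note: $1 is self-signed"
    cert_not_expiring "$1" || { echo "refuse: $1 is expired or unreadable"; return 1; }
    cert_matches_pin "$1" "$2" || { echo "refuse: fingerprint $(cert_fingerprint "$1") does not match pin"; return 1; }
    echo "ok: $1 matches the pin"
}

# Constructed sample input: a throwaway self-signed certificate for a dry run.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1.key" -out "$1" 2>/dev/null && rm -f "$1.key"
}

# Usage: sh check_cert.sh openremote.crt <sha256-pin-from-server-operator>
if [ "$#" -eq 2 ]; then check_before_import "$1" "$2"; fi
```

Run the `keytool -import` step only when the script exits with status 0.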
