Sorry if I revive an old thread, but for anyone with SSL problems, you are probably missing the Let’s Encrypt certificates in your Java keystore.
I recently installed openhabian on my pi and got the
{"error":{"message":"java.lang.IllegalStateException","http-code":500,"exception":{"class":"javax.net.ssl.SSLException","message":"java.lang.IllegalStateException","localized-message":"java.lang.IllegalStateException","cause":"javax.net.ssl.SSLException"}}}
error, so I’m probably not the only one that even now still bumps into this problem.
I got it fixed and made the following list of steps.
How to import the Let’s Encrypt certificates in the Java truststore:
- Save https://letsencrypt.org/certs/isrgrootx1.pem.txt as letsencrypt-root.pem
- Save https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt as letsencrypt-int-1.pem
- Save https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt as letsencrypt-int-2.pem
- Use WinSCP or similar and place the 3 files in /home
- SSH into your raspberry with Putty (https://putty.org/) or similar
- Navigate to /home:
cd /home
- Transform the .pem certificates into .der ones:
sudo openssl x509 -in letsencrypt-root.pem -inform pem -out letsencrypt-root.der -outform der
sudo openssl x509 -in letsencrypt-int-1.pem -inform pem -out letsencrypt-int-1.der -outform der
sudo openssl x509 -in letsencrypt-int-2.pem -inform pem -out letsencrypt-int-2.der -outform der
- Locate Java truststore and keep the path in an environment variable for easy re-use:
JAVA_TRUSTSTORE=$(sudo find / -wholename '*jre/lib/security/cacerts')
- Import the .der certificates into the Java truststore:
(do NOT change the changeit password, this is the default one and I’m pretty sure you haven’t changed it)
sudo keytool -importcert -alias letsencrypt_root -keystore $JAVA_TRUSTSTORE -storepass changeit -file letsencrypt-root.der
sudo keytool -importcert -alias letsencrypt_int_1 -keystore $JAVA_TRUSTSTORE -storepass changeit -file letsencrypt-int-1.der
sudo keytool -importcert -alias letsencrypt_int_2 -keystore $JAVA_TRUSTSTORE -storepass changeit -file letsencrypt-int-2.der
- Test if the certificates are added, you should see them outputted:
(Again, do not change the changeit password)
keytool -keystore $JAVA_TRUSTSTORE -storepass changeit -list | grep letsencrypt
- Restart openHAB, a fresh Java process is needed:
sudo service openhab2 restart
I hope this could help!
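
Added example, not part of the original post: since the steps above make the JVM trust whatever is in the downloaded files, this sketch checks a file's SHA-256 fingerprint against a pinned value before handing it to keytool. The function names are hypothetical, the pinned value must be the fingerprint the CA publishes (none is given on this page), and the sample "certificate" is constructed test data.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# SHA-256 (lowercase hex) of the DER form of the first certificate in a PEM file.
# DER is the base64-decoded PEM body; CRs are stripped for files saved on Windows.
pem_sha256() {
    [ -r "$1" ] || return 1
    body=$(tr -d '\r' < "$1" |
        awk '/-----BEGIN CERTIFICATE-----/{f=1;next} /-----END CERTIFICATE-----/{exit} f')
    [ -n "$body" ] || return 1            # no certificate block found
    printf '%s\n' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Accept fingerprints written as "AB:CD:..." or "abcd...".
norm_fp() { printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'; }

# Succeed only if the file's fingerprint equals the pinned value.
verify_pin() {
    actual=$(pem_sha256 "$1") || return 1
    [ "$actual" = "$(norm_fp "$2")" ]
}

# usage: import_pinned ALIAS PEM_FILE PINNED_SHA256 TRUSTSTORE
# keytool accepts PEM input directly; -noprompt is used only because the pin was checked.
import_pinned() {
    verify_pin "$2" "$3" || { echo "fingerprint mismatch: $2 not imported" >&2; return 1; }
    sudo keytool -importcert -noprompt -alias "$1" -file "$2" \
        -keystore "$4" -storepass changeit
}

# Constructed sample (NOT a real certificate): a fixed string in PEM armour, CRLF endings.
make_sample() {
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' \
        "$(printf 'constructed-sample-der' | base64)" '-----END CERTIFICATE-----' > "$1"
}

sample=$(mktemp)
make_sample "$sample"
pin=$(printf 'constructed-sample-der' | sha256sum | cut -d' ' -f1)
verify_pin "$sample" "$pin" && echo "pin matches: $pin"
verify_pin "$sample" "00:11:22" || echo "wrong pin rejected"
rm -f "$sample"
```

A real run would call import_pinned once per alias, for example with letsencrypt_root, letsencrypt-root.pem, the published fingerprint and "$JAVA_TRUSTSTORE".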