HABPanel Widget Gallery

Apps & Services HABPanel
32

Sorry if I revive an old thread, but for anyone with SSL problems, you are probably missing the let’s encrypt certificates in your java keystore.
I recently installed openhabian on my pi and got the

{“error”:{“message”:“java.lang.IllegalStateException”,“http-code”:500,“exception”: {“class”:“javax.net.ssl.SSLException”,“message”:“java.lang.IllegalStateException”,“localized-message”:“java.lang.IllegalStateException”,“cause”:“javax.net.ssl.SSLException”}}}

error, so I’m probably not the only one that even now still bumps into this problem.

I got it fixed and made the following list of steps.

How to import the Let’s Encrypt certificates in the Java truststore:

  1. Save https://letsencrypt.org/certs/isrgrootx1.pem.txt as letsencrypt-root.pem
  2. Save https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt as letsencrypt-int-1.pem
  3. Save https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt as letsencrypt-int-2.pem
  4. Use WinSCP (WinSCP :: Official Site :: Download) or similar and place the 3 files in /home
  5. SSH into your raspberry with Putty (https://putty.org/) or similar
  6. Navigate to /home:

cd /home

  1. Transform the .pem certificates in .der ones: `

sudo openssl x509 -in letsencrypt-root.pem -inform pem -out letsencrypt-root.der -outform der
sudo openssl x509 -in letsencrypt-int-1.pem -inform pem -out letsencrypt-int-1.der -outform der
sudo openssl x509 -in letsencrypt-int-2.pem -inform pem -out letsencrypt-int-1.der -outform der

  1. Locate Java truststore and keep the path in an environment variable for easy re-use:

JAVA_TRUSTSTORE=$(sudo find / -wholename *jre/lib/security/cacerts)

  1. Import the .der certificates into the Java trustore :
    (do NOT change the changeit password, this is the default one and I’m pretty sure you haven’t changed it)

sudo keytool -importcert -alias letsencrypt_root -keystore $JAVA_TRUSTSTORE -storepass changeit -file letsencrypt-root.der
-
sudo keytool -importcert -alias letsencrypt_int_1 -keystore $JAVA_TRUSTSTORE -storepass changeit -file letsencrypt-int-1.der
-
sudo keytool -importcert -alias letsencrypt_int_2 -keystore $JAVA_TRUSTSTORE -storepass changeit -file letsencrypt-int-2.der

  1. Test if the certificates are added, you should see them outputted:
    (Again, do not change the changeit password)

keytool -keystore $JAVA_TRUSTSTORE -storepass changeit -list | grep letsencrypt

  1. Restart Openhab, a fresh java process is needed:

sudo service openhab2 restart

I hope this could help!

1 Like