Install new SSL Certificate fo my.openhab

Continuing the discussion from Problem: openhab 1.7 instance is shown as offline:

Hi Roher
How did you do this?


First of all you have to export my.openhab certificate from your Google Chrome browser - go to, click on the green “lock” icon in the address bar, select “Connection” tab in the popup-window, click “Certificate data” link, navigate to the 2nd tab in the opened window, and press “Copy to file” button there. Click “Next”, select “Base-64 encoded X.509 (CER)”, click “Next” again, enter the name “myopenhab.cer” and select the path where to save the file, click “Next” and “Ready”.

Next, transfer the resulting file to your openhab server into the directory “<openhab_home>/etc”. Notice the file “keystore” there. This is the certificate store used by Openhab.

Finally, login to your openhab server via ssh, cd to the directory “<openhab_home>/etc”, remove the old my.openhab cretificate from your openhab certificate store (if it was present), and add a new one. You can do it using “keytool” utility. Restart Openhab as the last step.

To view existing certificates in the store use the following command:
keytool -list -keystore keystore
To remove an old certificate:
keytool -delete -alias "my.openhab" -keystore keystore
To import a new one:
keytool -importcert -file myopenhab.cer -keystore keystore -alias "my.openhab"

Default certificate store password is “openhab”.

Thank you for the instructions.

I followed your instructions and have imported the certificate.

But I still get offline in my openhab :frowning:


I followed this instruction to get on-line access to and to hopefully resolve this error:
[] - Fatal transport error: PKIX path building failed: unable to find valid certification path to requested target
but also get offline in The HandshakeException is also still present.
Also get:
[ERROR] [.myopenhab.internal.MyOHClient] - Socket.IO error: not authorized
Any clues would be most welcome.

Fixed this after finding a copy/paste syntax issue with UUID and Secret.
Still get
> [ERROR] [] - Fatal transport error: Read timed out

occasionally but seems not to cause problems.

try using the java keystore named cacerts instead of "keystore"
keytool -importcert -file myopenhab.cer -keystore cacerts -alias “my.openhab”

the default password for the cacerts keystore is “changeit”