- This line was added.
- This line was removed.
- Formatting was changed.
This error message occurs while trying to log in to Jitterbit Studio or Jitterbit Cloud Data Loader. Follow the steps below to troubleshoot what is causing the error to occur.
NOTE: Any of the Java Keytool commands presented in this document may be used for Jitterbit Studio, Jitterbit Cloud Data Loader, or Jitterbit Agent by substituting the home directory for the product you are working with. If the default is accepted during installation, the home directory will be one of:
Step 1: Verify You Can Log into the Management Console With the Same Desktop Machine
Verify that you can log into the Jitterbit Management Console from the same desktop machine that the Jitterbit Studio Is running on.
Step 2: Verify Jitterbit Studio Is Using the Java Version Installed With the Product
Jitterbit Studio and Jitterbit Cloud Data Loader should be running on the Java version that is installed with the product.
<Jitterbit Studio Home>\configuration\client.propertiesin a text editor.
Search for "JRE_HOME" in the file for instructions
client.propertiesfile has not been modified to point to a different Java version.
Step 3: Verify IP Whitelist
Verify if your browser is using a proxy server (such as Websense), a web filter (such as zScaler), a SSL inspection service on outgoing connections (such as Websense or zScaler) or a VPN (such as Pulse Secure) and make sure the correct Jitterbit sites are included in the IP whitelist.
- You may have to contact your Network Administrator or the third-party vendor that set up your Internet access to verify what browser services are being used.
- The following addresses will need to be included in the IP whitelist for these services:
- If the proxy server, web filter, packet inspection service or VPN also use a trusted root CA certificate, please follow the steps below to add the certificate to the Jitterbit Java KeyStore.
Step 4: Verify SSL Certificate Is Not Located in the Jitterbit Java KeyStore
The error frequently occurs when a signed SSL or CA xxxxxxx.cer certificate is not located in the Jitterbit Java KeyStore. The error will also occur if a SSL inspection service, web filter, proxy server, or VPN changes which certificate is used and the certificate is not located in the Jitterbit Java KeyStore.
- You need to identify which certificates are being used and install each of them into the
\jre\lib\securityfolder that Jitterbit included in the product installation.
- A process must be developed to install the certificate in the
\jre\lib\securityfolder that Jitterbit ships with the product each time you upgrade or re-install Jitterbit.
- Each time you change the certificate(s) that are used, it will be necessary to get the certificate(s) from your Network Administrator or the third-party vendor and install them in the
\jre\lib\securityfolder that Jitterbit ships with the product..
How to Get the List of Security Certificates
- Run this command from within the
keytool -list -v -keystore cacerts
- Verify the certificates are all located in
- To add certificates that are not located in
<Jitterbit Studio>\jre\lib\security\, follow the steps below.
How to Add a New Certificate to the Jitterbit Studio KeyStore
Command Using Java Keytool
The Java Keytool Command is:
> <Jitterbit Studio Home>\jre\bin\keytool -importcert -trustcacerts -alias <alias> -file <certfile> -keystore "<Jitterbit Agent Home>\jre\lib\security\cacerts"
This example isa Websense certificate in Cloud Data Loader. In this example, the Websense certificate file was first copied into
Additional KeyTool command resources:
- Adding Certificates to Keystore for Private Agents
Instructions for using Portecle:
- Download and install Portecle.
First, be certain which JRE or JDK is being used to run your program. On a 64-bit Windows 7, there can be quite a few JREs. Process Explorer can help you with this, or you can use this Jitterbit script command:
- Copy the file
JAVA_HOME\lib\security\cacertsto another folder.
- In Portecle, click File > Open Keystore File
- Select the cacerts file.
- Enter this password:
- Click Tools > Import Trusted Certificate
- Browse for the file
- Click Import
- Click OK when the trust path warning displays.
- Click OK when the details about the certificate display.
- Click Yes to accept the certificate as trusted.
- When it asks for an alias, click OK.
- Click OK when message indicating it has imported the certificate displays.
- Click Save. Don’t forget to do this or the change will be discarded.
- Copy the file
cacertsback to its original location (
Turn on SSL Debug Logging to Determine Which Certificate Is Not Being Accepted
- Turning on logging will show what is causing the error. It will show which certificate is not being accepted. The certificate will need to be added to the Jitterbit Java KeyStore by following the steps above.
<Jitterbit Studio Home>\configuration\client.propertiesin a text editor
- Make a note of the current value of the
STARTUP_ARGUMENTS='-Djavax.net.debug=ssl:handshake -Xms512m -Xmx1024m -Djava.util.Arrays.useLegacyMergeSort=true'
- Save the file
- Launch Jitterbit Studio and attempt to log in
- Once the error displays, dismiss the error dialog
- Go to the folder
- Zip up the
- Create a support case and attach the zip file to the case, or (if not larger than 10MB) email the zip file to email@example.com
- Reset the startup argument property back to its original value to turn off logging