TECH TIP: "Failed to validate certificate" error on launching Live Health with Java 1.7u40 and later

Document created by Darshan_Desai on Aug 11, 2014. Last modified by SamCreek on Dec 17, 2016.

Problem Summary:

Live Health applications fail to launch with the error "Failed to validate certificate, The application will not be executed."

Failed to validate certificate,

The application will not be executed. PKIX path validation failed: algorithm constraints check failed

at Source)

at Source)



Starting with Java/JRE 7u40, Java requires the application (the jar file executed via jnlp) to be signed by a certificate with a minimum public key size of 1024 bits.

At this time the Live Health JNLPs are signed with a certificate whose public key is smaller than 1024 bits (we use 512 bits), which causes the security validation failure.



The minimum public key size is the default value specified in Java/JRE's file. It can be edited to allow a higher or lower required public key size.


The file is located in your client machine's Java/JRE installed directory (jre/lib/security/ If you have previously installed various versions of JRE, open the Java control panel and click on the Java tab. Click on the View button to see the path of the JRE version that is configured with your Internet Explorer (IE) or Firefox.


In JRE 7u40 the by default has this setting:

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

Changing the value 1024 to 256 solves the issue in eHealth Live clients (as they are currently signed by a certificate with a 512-bit key). This change in has to be done by a user with the administrator role, and Java must be restarted for the change to take effect.
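
The following is an added example, not part of the original tech tip or of any product code: a small Python check that reads the `jdk.certpath.disabledAlgorithms` setting from file contents and reports which RSA key sizes the client will still accept. The helper names and the sample file contents are constructed for illustration, and it assumes the property is written with `=` as the separator.

```python
import operator
import re

PROP = "jdk.certpath.disabledAlgorithms"
OPS = {"<": operator.lt, "<=": operator.le, "==": operator.eq,
       "!=": operator.ne, ">=": operator.ge, ">": operator.gt}

# Constructed file contents: the JRE 7u40 default quoted above, and the edited value.
DEFAULT_PROPS = "jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024\n"
EDITED_PROPS = ("# edited for Live Health clients\n"
                "jdk.certpath.disabledAlgorithms=MD2, \\\n"
                "    RSA keySize < 256\n")

def read_property(text, name=PROP):
    """Return the last value set for name, joining backslash-continued lines."""
    value, pending = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue  # blank line or comment
        if line.endswith("\\"):
            pending += line[:-1]  # value continues on the next line
            continue
        key, sep, val = (pending + line).partition("=")
        pending = ""
        if sep and key.strip() == name:
            value = val.strip()
    return value

def parse_constraints(value):
    """Turn 'MD2, RSA keySize < 1024' into (algorithm, operator, bits) tuples."""
    entries = []
    for entry in filter(str.strip, (value or "").split(",")):
        m = re.fullmatch(r"\s*(\S+)(?:\s+keySize\s*(<=|<|==|!=|>=|>)\s*(\d+))?\s*", entry)
        if m is None:
            raise ValueError("unrecognised constraint: %r" % entry)
        algo, op, bits = m.groups()
        entries.append((algo.upper(), op, int(bits) if bits else None))
    return entries

def is_rejected(constraints, algorithm, key_bits):
    """True if a key of this algorithm and size is disabled by any constraint."""
    return any(algo == algorithm.upper() and (op is None or OPS[op](key_bits, bits))
               for algo, op, bits in constraints)

def accepted_sizes(text, algorithm="RSA", sizes=(256, 512, 768, 1024, 2048)):
    """List the candidate key sizes that the file's constraints still allow."""
    constraints = parse_constraints(read_property(text))
    return [s for s in sizes if not is_rejected(constraints, algorithm, s)]
```

With the default value only 1024-bit and larger RSA keys pass; with the edited value every RSA key of 256 bits or more passes, and that applies to all certificate path validation in that JRE, not only to the Live Health signing certificate.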