How to fix “keyCertSign bit is not set” and “Could not generate DH keypair” errors

You may encounter the following error messages when you try to connect to a remote site via a remote repository.

Connection failed with exception: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: CA key usage check failed: keyCertSign bit is not set

I/O exception (javax.net.ssl.SSLException) caught when processing request: java.lang.RuntimeException: Could not generate DH keypair



These errors can be shown if you are using an older version of JDK (e.g. JDK 1.6.x) due to bugs found in JDK. Please upgrade your JDK to the latest one to resolve the issue.