04-04-2017 02:31 AM - edited 03-19-2019 12:17 PM
Hi,
I'm not able to login RTMT. As soon as I enter the username and password the jave application of RTMT will be crashed.
CUCM: 11.5.1.12900-21
I've already done follwoings:
1.
keytool -import -file <An Import of CUCM-PUB Webpage Certificate> -alias <some meaningful name> -keystore <C:\Program Files\Java\jre1.8.0_121\lib\security\cacerts>
keytool -import -file <An Import of CUCM-PUB Webpage Certificate> -alias <some meaningful name> -keystore <C:\Program Files\Cisco\Unified Rtmt\JRtmt\jre\lib\security\cacerts>
2. Check the status of disabledAlgorithms and play with different value of these. (CSCuz41194 has been checked)
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
have you any idea?
here is the log
2017-04-01 08:11:02,111 [main] INFO rtmt.control - Control:: Started with Control TraceLevelStr:DebugLevel=INFO Applet TraceLevelStr: DebugLevel=FATAL
##########this.filenameconf/rtmt.xml
2017-04-01 08:11:02,173 [main] INFO rtmt.control - ======>Enter System
2017-04-01 08:11:02,283 [Thread-1] INFO rtmt.control - subpath in getGlobalVersion is:global
2017-04-01 08:11:02,283 [Thread-1] INFO rtmt.control - name in getGlobalVersion is:ServerVersion.txt
2017-04-01 08:11:02,283 [Thread-1] INFO rtmt.control - name in getGlobalVersion is:ServerVersion.xml
2017-04-01 08:11:02,283 [Thread-1] INFO rtmt.control - urlStr in getGlobalVersion is:/global/ServerVersion.txt
2017-04-01 08:11:02,283 [Thread-1] INFO rtmt.control - URL in getGlobalVersion is:null
2017-04-01 08:11:02,283 [Thread-1] INFO rtmt.control - urlStr in getGlobalVersion is:/global/ServerVersion.xml
2017-04-01 08:11:02,298 [Thread-1] INFO rtmt.control - URL in getGlobalVersion is:file:/C:/Program%20Files/Cisco/Unified%20Rtmt/JRtmt/global/ServerVersion.xml
2017-04-01 08:11:02,314 [Thread-1] INFO rtmt.control - isHttp is : false
2017-04-01 08:11:02,314 [Thread-1] INFO rtmt.control - Entered fetchVersion, url=file:/C:/Program%20Files/Cisco/Unified%20Rtmt/JRtmt/global/ServerVersion.xml
2017-04-01 08:11:02,314 [Thread-1] INFO rtmt.control - In fetchversion after openConnection for https:
2017-04-01 08:11:02,314 [Thread-1] INFO rtmt.control - versionStringApplet is : 001
2017-04-01 08:11:02,314 [Thread-1] INFO rtmt.control - versionStringControl is : 11.5
2017-04-01 08:11:02,314 [Thread-1] INFO rtmt.control - String returned by fetchUrl is : 11.5(001)
2017-04-01 08:11:02,314 [Thread-1] INFO rtmt.control - String returned by getGlobalVersion:[Ljava.lang.String;@167be7c
2017-04-01 08:11:02,329 [main] INFO rtmt.control - After initialising MainFrame in runRtmtMain()
2017-04-01 08:11:02,345 [main] INFO rtmt.control - In method doStart()
2017-04-01 08:11:02,345 [main] INFO rtmt.control - In startApp, calling popupAuthenticationDlg
==== user pressed ok for first dialog
2017-04-01 08:11:07,992 [main] INFO rtmt.control - Resolved IP address 10.10.0.10 to CUCM-PUB.customer.com
2017-04-01 08:11:08,007 [main] INFO rtmt.control - com.cisco.ccm.serviceability.rtmt.security.RtmtCertificateManager:[INFO]:: JavaHome: C:\Program Files\Cisco\Unified Rtmt\JRtmt\jre
2017-04-01 08:11:08,007 [main] INFO rtmt.control - com.cisco.ccm.serviceability.rtmt.security.RtmtCertificateManager:[INFO]:: WorkingDir: C:\Program Files\Cisco\Unified Rtmt\JRtmt
2017-04-01 08:11:08,241 [main] INFO rtmt.control - The trustStore name is RtmtTrustStore
2017-04-01 08:11:08,257 [main] INFO rtmt.control - Creating customized securesocketfactory wrapper class to disable SSLv3 Before initiating the handshake for CUCM
2017-04-01 08:11:08,537 [main] INFO rtmt.control - Server certificate cleared standard verification process. Hence trusted
2017-04-01 08:11:08,553 [main] ERROR rtmt.control - Exception while initiating the handshake : java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
2017-04-01 08:11:08,584 [main] INFO rtmt.control - Server certificate cleared standard verification process. Hence trusted
2017-04-01 08:11:08,584 [main] ERROR rtmt.control - [ERROR] getBannerDetails : Error getting banner details from server
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at com.cisco.ccm.serviceability.rtmt.ui.BannerDetails.getBannerDetails(Unknown Source)
at com.cisco.ccm.serviceability.rtmt.ui.JRtmtMain.startApp(Unknown Source)
at com.cisco.ccm.serviceability.rtmt.ui.JRtmtMain.doStart(Unknown Source)
at com.cisco.ccm.serviceability.rtmt.ui.JRtmtMain.runRtmtMain(Unknown Source)
at com.cisco.ccm.serviceability.rtmt.ui.JRtmtMain.main(Unknown Source)
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(Unknown Source)
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
... 18 more
2017-04-01 08:11:16,399 [main] INFO rtmt.control - In method doStart(): Calling startsplash()
2017-04-01 08:11:18,442 [SplashThread] INFO rtmt.control - In WaitRunner Thread: Before doMeat()
2017-04-01 08:11:18,442 [SplashThread] INFO rtmt.control - In doMeat():before calling checkremoteVersion
2017-04-01 08:11:18,442 [SplashThread] INFO rtmt.control - isHttp is : true
2017-04-01 08:11:18,442 [SplashThread] INFO rtmt.control - Entered fetchVersion, url=https://CUCM-PUB.customer.com:8443/ast/ServerVersion.xml
2017-04-01 08:11:18,442 [SplashThread] INFO rtmt.control - In fetchversion urlConnection is: sun.net.www.protocol.https.DelegateHttpsURLConnection:https://CUCM-PUB.customer.com:8443/ast/ServerVersion.xml
BASIC auth mode ...
2017-04-01 08:11:18,474 [SplashThread] INFO rtmt.control - Server certificate cleared standard verification process. Hence trusted
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at com.cisco.ccm.serviceability.rtmt.utils.XmlConfig.load(Unknown Source)
at com.cisco.ccm.serviceability.rtmt.utils.XmlConfig.<init>(Unknown Source)
at com.cisco.ccm.serviceability.rtmt.ui.ServerVersionChecker.fetchVersionXML(Unknown Source)
at com.cisco.ccm.serviceability.rtmt.ui.ServerVersionChecker.checkRemoteVersion(Unknown Source)
at com.cisco.ccm.serviceability.rtmt.ui.JRtmtMain.doMeat(Unknown Source)
at com.cisco.ccm.serviceability.rtmt.ui.JRtmtMain$SplashWindow$2.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(Unknown Source)
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
... 19 more
2017-04-01 08:11:18,520 [SplashThread] ERROR rtmt.control - SSLHandshakeException caught = javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
2017-04-01 08:11:18,536 [SplashThread] INFO rtmt.control - String returned by fetchUrl is : null
2017-04-01 08:11:18,536 [SplashThread] INFO rtmt.control - String returned by checkRemoteVersion:[Ljava.lang.String;@9f2c6e
2017-04-01 08:11:18,536 [SplashThread] INFO rtmt.control - In doMeat():versionString=null
2017-04-01 08:11:18,536 [SplashThread] INFO rtmt.control - SSLHandshake Exception was caught before, so NO Error message is thrown to user here.
2017-04-01 08:11:18,536 [SplashThread] INFO rtmt.control - ======>Exit System
10-23-2017 09:20 AM
09-18-2021 04:44 AM
Hello,
didi you solve the issue?
thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: