Hi,
I seem to have similar problem as reported here: https://supportforums.cisco.com/thread/2124627
However, I'm using firmware 2.1(2a) and Java 7 Update 25.
I installed a valid SSL certificate which works fine (browser has no error in access to the UCS URL), however when launching UCSM following error appears:
More info show:
java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: java.io.IOException: extra data given to DerValue constructor
at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException
at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
... 18 more
Caused by: java.security.cert.CertPathValidatorException: java.io.IOException: extra data given to DerValue constructor
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
... 19 more
Caused by: java.io.IOException: extra data given to DerValue constructor
at sun.security.util.DerValue.init(Unknown Source)
at sun.security.util.DerValue.<init>(Unknown Source)
at sun.security.provider.certpath.OCSPResponse.<init>(Unknown Source)
... 22 more
Certificate Details show "Cisco Systems" certificate...
The only workaround I found is to set Java control panel Advanced > Perform certificate revocation checks on > Do not check
Anyone else experiencing it?
Hello Yuval,
Thanks for starting the new thread.
I just tried with UCSM 2.1.2a and Jave 7 update 25 and did not observe the issue. It has both CRL & OSCP enabled on it but did not have any issues in luanching UCSM.
Can you please paste the screen shot of " certificate details " from pop up window ?
Padma
I just realized that the problem is related somehow to a proxy setting.
I changed Java Network settings to "Direct" and it seems to solve it.
Using 2.1.1
CIMC in E140S
But the KVM application does not start due to revoked certificate.
If we keep "perform certificate revocation checks" enabled (as it should be) including using CRL;s, the KVM application will be blocked : "java.security.cert.CertificateRevokedException: Certificate has been revoked, reason: UNSPECIFIED, revocation date: Thu May 05 20:15:10 CEST 2011, auth....".
Java 7 update 45, direct connection.
How to get this working without disabling revocation checks ?
