08-25-2013 11:12 PM - edited 03-01-2019 11:12 AM
Hi,
I seem to have similar problem as reported here: https://supportforums.cisco.com/thread/2124627
However, I'm using firmware 2.1(2a) and Java 7 Update 25.
I installed a valid SSL certificate which works fine (browser has no error in access to the UCS URL), however when launching UCSM following error appears:
More info show:
java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: java.io.IOException: extra data given to DerValue constructor
at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException
at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
... 18 more
Caused by: java.security.cert.CertPathValidatorException: java.io.IOException: extra data given to DerValue constructor
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
... 19 more
Caused by: java.io.IOException: extra data given to DerValue constructor
at sun.security.util.DerValue.init(Unknown Source)
at sun.security.util.DerValue.<init>(Unknown Source)
at sun.security.provider.certpath.OCSPResponse.<init>(Unknown Source)
... 22 more
Certificate Details show "Cisco Systems" certificate...
The only workaround I found is to set Java control panel Advanced > Perform certificate revocation checks on > Do not check
Anyone else experiencing it?
08-25-2013 11:34 PM
Hello Yuval,
Thanks for starting the new thread.
I just tried with UCSM 2.1.2a and Jave 7 update 25 and did not observe the issue. It has both CRL & OSCP enabled on it but did not have any issues in luanching UCSM.
Can you please paste the screen shot of " certificate details " from pop up window ?
Padma
08-26-2013 01:00 AM
I just realized that the problem is related somehow to a proxy setting.
I changed Java Network settings to "Direct" and it seems to solve it.
08-26-2013 01:54 AM
Hello Yuval,
Thanks for sharing the solution.
Padma
10-22-2013 03:46 AM
Using 2.1.1
CIMC in E140S
But the KVM application does not start due to revoked certificate.
If we keep "perform certificate revocation checks" enabled (as it should be) including using CRL;s, the KVM application will be blocked : "java.security.cert.CertificateRevokedException: Certificate has been revoked, reason: UNSPECIFIED, revocation date: Thu May 05 20:15:10 CEST 2011, auth....".
Java 7 update 45, direct connection.
How to get this working without disabling revocation checks ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide