01-09-2012 04:18 AM - edited 03-01-2019 10:13 AM
Hi,
I have 4 UCS B230M1 Blades and since update to 2.0(1) from 1.4(3q), I can't lauch UCS Manager, java throws the exception: "Certificate has been revoked"
It seems that the certificate used to sign the java code has been revoked, so this is a very important security exception.How can I solve it?
Nowadays, if I want to run the ucs manager, I must to run the "java control pannel" and uncheck- Check certificates for revocation using CRLs
- Enable Online certificate validation
Here you have the exception details:un.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:289)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:263)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:173)
at sun.security.validator.Validator.validate(Validator.java:218)
at sun.security.validator.Validator.validate(Validator.java:187)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(TrustDecider.java:601)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(AppPolicy.java:268)
at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(LaunchDownload.java:1825)
at com.sun.javaws.LaunchDownload.checkSignedResources(LaunchDownload.java:1508)
at com.sun.javaws.Launcher.prepareResources(Launcher.java:1232)
at com.sun.javaws.Launcher.prepareAllResources(Launcher.java:621)
at com.sun.javaws.Launcher.prepareToLaunch(Launcher.java:327)
at com.sun.javaws.Launcher.prepareToLaunch(Launcher.java:199)
at com.sun.javaws.Launcher.launch(Launcher.java:116)
at com.sun.javaws.Main.launchApp(Main.java:416)
at com.sun.javaws.Main.continueInSecureThread(Main.java:248)
at com.sun.javaws.Main$1.run(Main.java:110)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.security.cert.CertPathValidatorException: Certificate has been revoked
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:328)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:275)
... 17 more
Thanks for your help.
01-20-2012 07:35 AM
Hi Padma,
Yes I'm sure it's an OS specific thing - I've seen several posts from OSX Lion users stating they've experienced issues with Certificates. On a Windows client it is possible to 'ignore' the certificate discrepancy, but not from the mac.
The message that appears is as follows:
Clicking Details brings up much the same information as Maurici experienced earlier in the thread.
Namely:
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:289)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:263)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:173)
at sun.security.validator.Validator.validate(Validator.java:218)
at sun.security.validator.Validator.validate(Validator.java:187)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(TrustDecider.java:613)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(AppPolicy.java:268)
at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(LaunchDownload.java:1825)
at com.sun.javaws.LaunchDownload.checkSignedResources(LaunchDownload.java:1508)
at com.sun.javaws.Launcher.prepareResources(Launcher.java:1276)
at com.sun.javaws.Launcher.prepareAllResources(Launcher.java:629)
at com.sun.javaws.Launcher.prepareToLaunch(Launcher.java:335)
at com.sun.javaws.Launcher.prepareToLaunch(Launcher.java:235)
at com.sun.javaws.Launcher.launch(Launcher.java:124)
at com.sun.javaws.Main.launchApp(Main.java:451)
at com.sun.javaws.Main.continueInSecureThread(Main.java:283)
at com.sun.javaws.Main$1.run(Main.java:116)
at java.lang.Thread.run(Thread.java:680)
Caused by: java.security.cert.CertPathValidatorException: Certificate has been revoked
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:328)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:275)
... 17 more
The Main error being identified as 'Certificate has been revoked'!
Any other thoughts?
While I can jump onto another box in the interim, not being able to manage from an OSX client will cause an increasing problem for us as a business.
Many Thanks again / Dan
01-20-2012 08:58 AM
Dan,
I missed your Java preferences configuration.
We need to disable " Enable online certificate validation " too.
It should resolve it.
But keep in mind, this is system wide config and it will not check for other online certs.
Padma
02-12-2012 08:37 PM
Thanks, was facing this issue and this resolved it.
02-13-2012 06:46 AM
Hello Robert,
Glad it helped you out.
Just FYI, the bug got resolved in 2.0.1w version and is available for download.
Padma
02-14-2012 10:35 AM
Is this issue going to be fixed any time soon for CIMC? All of our new UCS C2x0 boxes that have come with 1.4(2) exhibit this same cert problem. Fortunately, I don't think our new C460 M2's have exhibited this issue yet, but it may be because they came with an older firmware.
02-14-2012 07:51 PM
Matt,
We are tracking this issue in C series CIMC software with following defect
Currently there is no ETA and I will update the thread once I have more information on it.
Padma
02-16-2012 04:41 AM
That did resolve it, Many Thanks Padma
Glad a fix has been issued. Can you confirm if fix is just for the PE
appliance at the moment or if this has been issued for the FI's also yet?
Thanks again / Dan
On 20 January 2012 16:59, padramas <
02-16-2012 06:17 AM
Hello Dan,
Good that it helped you out.
It is fixed in latest UCSM version 2.0.1w.
Padma
05-03-2012 07:56 PM
Hi Padma,
I'm running Cisco_UCS_Platform_Emulator_v2.0.94849.368934.7z but I'm still getting "failed to validate certificate" error. Can you please advice what steps I should take to resolve this?
05-03-2012 09:27 PM
Hello,
Try disabling following Java configuration parameters from Java control panel
Advanced > Security > General
Check certificates for revocation using CRL
Enable online certificate validation
If you are using MAC OS, in addition to changing the Java preferences, change both CRL and OCSP checking to off under Keychain>Preferences>Certificates in OSX
Padma
05-23-2012 11:17 PM
I was having the same error.
also using OSX and this procedure solved it!
Thanks Padma.
08-25-2013 09:18 AM
Hi all,
I'm having the same issue with UCS 2.1(2a)
Was it not fixed already?
08-25-2013 09:51 PM
Hello Yuval,
Please start a new thread with the error message you observe while launching UCSM.
Padma
08-25-2013 11:14 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide