08-29-2013 11:24 AM - edited 03-01-2019 11:13 AM
So I've got a bunch of 2951s with E140D blades in them. I need to install ESXi on them but the stinking KVM (accessed through the CIMC) for every one of them comes up with a certificate revoked error.
I just did this for a bunch of C240 M3s without any problem.
The CIMC firmware version is:
2.1(1.20130726203500)
This appears to be the latest--I just uploaded the latest version and the number matches the existing version.
I haven't opened a TAC case yet; I'm having phone issues and the online form doesn't like my serial numbers. However, I am going to miss a deadline because of this.
Here's the java traceback:
java.security.cert.CertificateRevokedException: Certificate has been revoked, reason: AFFILIATION_CHANGED, revocation date: Thu May 05 14:15:10 EDT 2011, authority: CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, extensions: {}
at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
I didn't see anything that looked relevant in the logs.
Solved! Go to Solution.
08-29-2013 01:16 PM
Hi Michael,
It appears that you are hitting a bug for the E-Series: CSCtx85249.
Will you please follow the workaround for
CSCtx85249 Could not launch KVM Java exception Certification has been
revoked
Symptom KVM console fails to launch and displays the following Java
exception error:
Certificate has been revoked
sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: Certificate has been revoked
Workaround On the client system, disable the Java configuration
parameters from Java control panel do the following:
Step 1 Go to Advanced > Security > General
Step 2 Check certificates for revocation using CRL
Step 3 Enable online certificate validation
If you are using Mac, in addition to changing the Java preferences, you need
to change both CRL and OCSP checking to off
underKeychain>Preferences>Certificates in OSX.
In some scenarios, you would need to do the following if you are a Mac user:
Step 1 Go to Keychain > Certificates. Double-click the associated cisco.com
certificate.
Step 2 Click the Trust right-arrow and select Always Trust from the When
using this certificate dialog box.
Step 3 Restart the browser and connect to the CIMC web
interface.
Please, let me know if this resolves the problem.
Thanks,
-Bruce
08-29-2013 01:16 PM
Hi Michael,
It appears that you are hitting a bug for the E-Series: CSCtx85249.
Will you please follow the workaround for
CSCtx85249 Could not launch KVM Java exception Certification has been
revoked
Symptom KVM console fails to launch and displays the following Java
exception error:
Certificate has been revoked
sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: Certificate has been revoked
Workaround On the client system, disable the Java configuration
parameters from Java control panel do the following:
Step 1 Go to Advanced > Security > General
Step 2 Check certificates for revocation using CRL
Step 3 Enable online certificate validation
If you are using Mac, in addition to changing the Java preferences, you need
to change both CRL and OCSP checking to off
underKeychain>Preferences>Certificates in OSX.
In some scenarios, you would need to do the following if you are a Mac user:
Step 1 Go to Keychain > Certificates. Double-click the associated cisco.com
certificate.
Step 2 Click the Trust right-arrow and select Always Trust from the When
using this certificate dialog box.
Step 3 Restart the browser and connect to the CIMC web
interface.
Please, let me know if this resolves the problem.
Thanks,
-Bruce
08-30-2013 06:49 AM
Thanks Bruce! That did the trick.
08-30-2013 11:16 AM
Hi Michael,
Great! I am glad that we were able to resolve this for you.
Thanks.
-Bruce
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: