Re: UCS Manager 2.0(1t): Failed to validate certificate. Certifi - Page 2

Maurici Garcia · ‎01-09-2012

Hi,

I have 4 UCS B230M1 Blades and since update to 2.0(1) from 1.4(3q), I can't lauch UCS Manager, java throws the exception: "Certificate has been revoked"

It seems that the certificate used to sign the java code has been revoked, so this is a very important security exception.

How can I solve it?

Nowadays, if I want to run the ucs manager, I must to run the "java control pannel" and uncheck

- Check certificates for revocation using CRLs

- Enable Online certificate validation

Here you have the exception details:

un.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked

at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:289)

at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:263)

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:173)

at sun.security.validator.Validator.validate(Validator.java:218)

at sun.security.validator.Validator.validate(Validator.java:187)

at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(TrustDecider.java:601)

at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(AppPolicy.java:268)

at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(LaunchDownload.java:1825)

at com.sun.javaws.LaunchDownload.checkSignedResources(LaunchDownload.java:1508)

at com.sun.javaws.Launcher.prepareResources(Launcher.java:1232)

at com.sun.javaws.Launcher.prepareAllResources(Launcher.java:621)

at com.sun.javaws.Launcher.prepareToLaunch(Launcher.java:327)

at com.sun.javaws.Launcher.prepareToLaunch(Launcher.java:199)

at com.sun.javaws.Launcher.launch(Launcher.java:116)

at com.sun.javaws.Main.launchApp(Main.java:416)

at com.sun.javaws.Main.continueInSecureThread(Main.java:248)

at com.sun.javaws.Main$1.run(Main.java:110)

at java.lang.Thread.run(Thread.java:662)

Caused by: java.security.cert.CertPathValidatorException: Certificate has been revoked

at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)

at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:328)

at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)

at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)

at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:275)

... 17 more

Thanks for your help.

danjermyft · ‎01-20-2012

Hi Padma,

Yes I'm sure it's an OS specific thing - I've seen several posts from OSX Lion users stating they've experienced issues with Certificates. On a Windows client it is possible to 'ignore' the certificate discrepancy, but not from the mac.

The message that appears is as follows:

Clicking Details brings up much the same information as Maurici experienced earlier in the thread.

Namely:

sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked

at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:289)

at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:263)

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:173)

at sun.security.validator.Validator.validate(Validator.java:218)

at sun.security.validator.Validator.validate(Validator.java:187)

at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(TrustDecider.java:613)

at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(AppPolicy.java:268)

at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(LaunchDownload.java:1825)

at com.sun.javaws.LaunchDownload.checkSignedResources(LaunchDownload.java:1508)

at com.sun.javaws.Launcher.prepareResources(Launcher.java:1276)

at com.sun.javaws.Launcher.prepareAllResources(Launcher.java:629)

at com.sun.javaws.Launcher.prepareToLaunch(Launcher.java:335)

at com.sun.javaws.Launcher.prepareToLaunch(Launcher.java:235)

at com.sun.javaws.Launcher.launch(Launcher.java:124)

at com.sun.javaws.Main.launchApp(Main.java:451)

at com.sun.javaws.Main.continueInSecureThread(Main.java:283)

at com.sun.javaws.Main$1.run(Main.java:116)

at java.lang.Thread.run(Thread.java:680)

Caused by: java.security.cert.CertPathValidatorException: Certificate has been revoked

at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)

at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:328)

at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)

at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)

at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:275)

... 17 more

The Main error being identified as 'Certificate has been revoked'!

Any other thoughts?

While I can jump onto another box in the interim, not being able to manage from an OSX client will cause an increasing problem for us as a business.

Many Thanks again / Dan

padramas · ‎01-20-2012

Dan,

I missed your Java preferences configuration.

We need to disable " Enable online certificate validation " too.

It should resolve it.

But keep in mind, this is system wide config and it will not check for other online certs.

Padma

robertkruk · ‎02-12-2012

Thanks, was facing this issue and this resolved it.

padramas · ‎02-13-2012

Hello Robert,

Glad it helped you out.

Just FYI, the bug got resolved in 2.0.1w version and is available for download.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtx30115

Padma

mbanks · ‎02-14-2012

Is this issue going to be fixed any time soon for CIMC? All of our new UCS C2x0 boxes that have come with 1.4(2) exhibit this same cert problem. Fortunately, I don't think our new C460 M2's have exhibited this issue yet, but it may be because they came with an older firmware.

padramas · ‎02-14-2012

Matt,

We are tracking this issue in C series CIMC software with following defect

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtx85249

Currently there is no ETA and I will update the thread once I have more information on it.

Padma

danjermyft · ‎02-16-2012

That did resolve it, Many Thanks Padma

Glad a fix has been issued. Can you confirm if fix is just for the PE

appliance at the moment or if this has been issued for the FI's also yet?

Thanks again / Dan

On 20 January 2012 16:59, padramas <

padramas · ‎02-16-2012

Hello Dan,

Good that it helped you out.

It is fixed in latest UCSM version 2.0.1w.

Padma

endreu · ‎05-03-2012

Hi Padma,

I'm running Cisco_UCS_Platform_Emulator_v2.0.94849.368934.7z but I'm still getting "failed to validate certificate" error. Can you please advice what steps I should take to resolve this?

padramas · ‎05-03-2012

Hello,

Try disabling following Java configuration parameters from Java control panel

Advanced > Security > General

Check certificates for revocation using CRL

Enable online certificate validation

If you are using MAC OS, in addition to changing the Java preferences, change both CRL and OCSP checking to off under Keychain>Preferences>Certificates in OSX

Padma

charlesapdua · ‎05-23-2012

I was having the same error.

also using OSX and this procedure solved it!

Thanks Padma.

yuvalba · ‎08-25-2013

Hi all,

I'm having the same issue with UCS 2.1(2a)

Was it not fixed already?

padramas · ‎08-25-2013

Hello Yuval,

Please start a new thread with the error message you observe while launching UCSM.

Padma

yuvalba · ‎08-25-2013

https://supportforums.cisco.com/thread/2236151

UCS Manager 2.0(1t): Failed to validate certificate. Certificate