Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2694
Views
0
Helpful
4
Replies

Clients getting Java error when obtaining AnyConnect via web deployment

mknaebelcu
Level 1
Level 1

‎04-09-2015 07:02 AM - edited ‎02-21-2020 08:10 PM

We recently noticed that users authenticating to our VPN using the web UI (to obtain AnyConnect) are receiving a Java security error (Application Blocked). Screenshot attached. These messages are logged in the Java console:

CacheEntry[https://(removed)/CACHE/stc/5/binaries/VPNJava.jar]: updateAvailable=false,lastModified=Wed Dec 31 19:00:00 EST 1969,length=144660
...
preloader: Delivering: ErrorEvent[url=(removed)/CACHE/stc/5/ label=Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running cause=Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running
...
security: Reset deny session certificate store

 

Our certificates have not expired. Is this something that would be fixed in an ASA software update? We are on 9.0(1) currently. Is there anything else we can try?

 

Thanks in advance.

 

Labels:
Preview file
42 KB
0 Helpful
4 Replies 4

Charles Hill
VIP Alumni
VIP Alumni

‎04-09-2015 08:30 AM

Hello Mike,

You can try

downgrading the Java Settings to medium, delete temporary java files and clear browser cache.

 

Hope this helps...

 

0 Helpful

mknaebelcu
Level 1
Level 1
In response to Charles Hill

‎04-09-2015 08:59 AM

Thanks for your reply, but this seems like a work around which is not ideal for the 3000+ users connecting with their own devices.

I'm wondering what could have changed to cause this, and why our Cisco device no longer meets the security requirements. Other thoughts?

0 Helpful

Charles Hill
VIP Alumni
VIP Alumni
In response to mknaebelcu

‎04-09-2015 09:05 AM

What java version are they running?

Has Java been updated recently?

 

 

0 Helpful

mknaebelcu
Level 1
Level 1
In response to Charles Hill

‎04-14-2015 03:06 AM

It's now looking very much like a certificate expired. See attached screenshot. None of the Identity or Code Signer certificates installed on the ASA are signed by VeriSign, nor do the expiration dates, etc, match this. Where is this certificate coming from? Am I the only one with this issue? I updated to 9.1.6 but the problem persists.

Preview file
49 KB
0 Helpful
Customers Also Viewed These Support Documents