10-21-2013 02:38 AM
Hello,
I have a problem with my Cisco ASA 5510 Clientless SSL Webvpn.
After Oracle updates its Java Version, our JAVA Webportal ist not completly working.
Our clientless SSL Web Portal is running on a Cisco ASA 5510 with Version 9.1.3.
On this portal we provide the JAVA RDP Plugin and the JAVA Citrix Plugin.
All Java Plugins are working with Java 7 Update 25.
But with the newest Version Java 7 Update 45 it is not working.
It is comming the following Error.
-----------------------------------
"SecurityException"
com.sun.deploy.net.JARSigningException: Unsignierter Eintrag gefunden in Ressource:
https://XXXXXXX/ica/JICA-configN.jar
---------------------------------
XX=our portal-url
Has somebody the same problem?
I need a solution, because we are using this solution for round about 200 User.
Thank you very much.
Florian
Solved! Go to Solution.
11-07-2013 12:17 AM
@bart the specific update that mentinoned here is not public released. Maybe that you can obtain the bug fixed versions if you open a TAC case.
11-28-2013 06:49 AM
Version 8.4(4)1 seems to be affected too.
11-28-2013 02:16 PM
I would like to inform you that an interim release has been released which contains the fix for the CSCuj88114 bug.
8.4.7.5 à asa847-5-k8.bin
9.1.3.4 à asa913-4-smp-k8.bin
9.1.3.4 àasa913-4-k8.bin
rate if helpfull!
11-28-2013 10:13 PM
Thank you Sander for the update..
Would you please share 8.4.7-5 interim image to us on priority as we are not finding this image in Cisco.
11-29-2013 12:19 AM
I think that the files are given to us when opening a TAC case. So I have to advise to do the same.
12-20-2013 02:59 AM
Noticed that 8.2 is affected as well.. have an 5590 which is running latest 8.2.5 (46) which shows the same error..
I am unable to upgrade the box to 8.4 as it is missing RAM slots.. (yes there are none soldered on the mainboard - must be one of the first batches.. 1 RAM slot, 3 empty soldiering joints)
01-13-2014 06:56 AM
Hi Florian,
i face this issue too.
When i start the RDP Plugin i get following "warning":
This application will be blocked in a future Java security update because the JAR file maifest does nocht contain the Permissions attribute. Please contact the Publisher for more information.
I am using ASA Version 9.1.4 but i think the RDP plugin have to be rewritten from Cisco to get this solved.
The version on the cisco website is very old 27-APR-2012.
Please keep us informed if you find a way to supress this warning (at the ASA not the client )
Best Regards
Ayhan
01-13-2014 07:07 AM
Please follow the steps below:
1) Delete the following files from rdp_09.11.2012.jar:
properJavaRDP13-1.1.jar
properJavaRDP12-1.1.jar
properJavaRDP11-1.1.jar
2) Delete the following statements from "properrdp.html" :
properJavaRDP13-1.1.jar,properJavaRDP12-1.1.jar,properJavaRDP11-1.1.jar
3) Pack all other files from rdp_09.11.2012 in new .jar
4) Upload new plugin to ASA .
If that did not work, you can always re-download the plugin from the cisco website and upload it.
01-13-2014 07:50 AM
Hi Sander,
i will give it a try and inform you about the results.
Best Regards
Ayhan
01-14-2014 04:13 AM
Hi Sander,
i am still getting the Message that permission attribute in manifest.xlm is missing.
Do you know what to set there?
Best Regards
Ayhan
01-14-2014 05:13 AM
From what I've have understand, Cisco needs to write a new plugin to replace the old Cisco certificate....
Try the one that we have created. It should be the same as the steps that I have posted.
https://www.dropbox.com/s/gtb0ew5v9uiwshm/rdp_plugin_changed.jar
01-14-2014 05:28 AM
Hi Sander,
thank you very much, but i think this will not work too because the manifest.xml is not containing the required tags for permission handling.
Thats the manifest.xml from your jar file:
properrdp.html
rdp
3389
csco_rdp
1.0.2
Terminal Servers
Terminal Servers Bookmarks
icon.gif
translation-tables/rdp.pot
Translation domain for RDP plugin
en
help/en/index.inc
host
Host Name
string
I would expect to find any of these tags in the manifest.xml to avoid the warning that this application will be blocked in future updates:
I've attached a Screenshot from the Warning to be sure that we both work on the same topic
01-14-2014 05:42 AM
Yes these warnings are the same. However these steps were e-mailed by Cisco TAC. So i didn't make them myself. From our point the customer still gets errors. With the new software version. We need to wait untill Cisco makes a new RDP plugin.
01-14-2014 05:49 AM
Many thanks for you investigations.
I have an open TAC-Case and hope the TAC-engineer can get in touch with the dev team
Best Regards
Ayhan
01-17-2014 06:56 AM
Hi Ayhan,
we have the same problem as you discribe and have found the following workaround for me:
in the java control panel either reduce the security level to 'medium',
or insert your asa-url to the exception list, e.g. https://asa.domain/.
(sorry, we use german language versions here, so I don't know the correct labels for the english version)
We still get the warnings about the obsolet certificate, but can at least start our rdp sessions again.
Hope this helps,
Wolfgang
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide