Kris-Sekula / UCS-KVM

Some tips on getting into a UCS KVM without Adobe Flash Installed

any idea how to get past "sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked" ? #2

Closed divinity76 closed 2 years ago

divinity76 commented 2 years ago

any idea how to get past this? [image] i have tried both JRE6 and JRE7 and the exact error log is

sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked
    at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
    at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
    at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
    at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
    at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
    at com.sun.javaws.Launcher.prepareResources(Unknown Source)
    at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
    at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
    at com.sun.javaws.Launcher.launch(Unknown Source)
    at com.sun.javaws.Main.launchApp(Unknown Source)
    at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
    at com.sun.javaws.Main$1.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertPathValidatorException: Certificate has been revoked
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
    at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
    at java.security.cert.CertPathValidator.validate(Unknown Source)
    ... 18 more

and i can't seem to get past it, and i have no physical access to the server (the server is in Canada and i'm stuck in Norway), any suggestions?
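
Added example, not part of the original thread or the UCS-KVM project: a small triage helper that reads the frames of a trace like the one above to tell a failure in Java Web Start's signed-resource check apart from one raised during the HTTPS handshake. The TLS sample trace and the JSSE frame prefixes are assumptions, constructed here for contrast.

```python
import re

# Frame prefixes that identify which check raised the error. The javaws/deploy
# frames come from the trace in this thread; the JSSE prefixes are an
# assumption about where a TLS trust failure surfaces on JRE 6/7.
STAGES = [
    ("jar-signature", ("com.sun.javaws.LaunchDownload.checkSignedResources",
                       "com.sun.deploy.security.TrustDecider.")),
    ("tls-handshake", ("sun.security.ssl.", "com.sun.net.ssl.internal.ssl.")),
]
FRAME = re.compile(r"^\s*at\s+([\w.$]+)\(")
EXC = re.compile(r"^(?:Caused by:\s*)?([\w.$]+(?:Exception|Error)):\s*(.*)$")

def triage(trace):
    """Classify a Java trust failure: which stage failed and the root cause."""
    stage, root = "unknown", (None, None)
    for line in trace.splitlines():
        exc = EXC.match(line.strip())
        if exc:
            root = exc.groups()          # the last one seen is the innermost cause
            continue
        frame = FRAME.match(line)
        if frame and stage == "unknown":
            stage = next((name for name, prefixes in STAGES
                          if frame.group(1).startswith(prefixes)), "unknown")
    return {"stage": stage, "exception": root[0], "message": root[1],
            "revoked": "revoked" in (root[1] or "").lower()}

# Abbreviated from the trace posted in this thread.
THREAD_TRACE = """\
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked
    at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
    at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
    at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
Caused by: java.security.cert.CertPathValidatorException: Certificate has been revoked
    at java.security.cert.CertPathValidator.validate(Unknown Source)
"""
# Constructed for contrast: a failure raised while validating the HTTPS server.
TLS_TRACE = """\
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
"""

if __name__ == "__main__":
    for label, trace in (("thread", THREAD_TRACE), ("tls", TLS_TRACE)):
        print(label, triage(trace))
```

For the trace in this thread the helper reports the `jar-signature` stage, meaning the revoked certificate is the one validated for the signed resources that javaws downloads, not the certificate the browser is asked to accept.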

Kris-Sekula commented 2 years ago

Sorry, I don't have access to UCS servers anymore so I'm unable to try it myself. Looks like you are doing the correct things by disabling all the checks, but somehow it doesn't work. Have you tried to connect directly to the CIMC with your browser and accept the cert before using the jnlp file?


divinity76 commented 2 years ago

> Have you tried to connect directly to the CIMC with your browser and accept the cert before using the jnlp file?

yup, multiple times and with reboots, doesn't make any difference

divinity76 commented 2 years ago

doing a firmware update with the file upd-pkg-c200-m1-cimc.full.1.4.3z09.bin which i found inside ucs-c200-huu-1.4.3z09.iso from https://software.cisco.com/download/home/283860950/type/283850974/release/1.4(3z09) "magically" fixed the issue, i have no problem connecting now :)

also noticed that the server now serves a certificate that is set to expire sometime in 2024... so i guess the problem will re-emerge sometime in 2024 ; anyway, thanks for the help!

image

Kris-Sekula commented 2 years ago

Great, thanks for the update, this will be useful to others who will likely hit the same issue in the future...in fact I'll leave a note in the main document about this issue... I assume you upgraded the CIMC via cli ?

Kris


divinity76 commented 2 years ago

no, i could upgrade it via the web interface like this: https://github.com/Kris-Sekula/UCS-KVM/issues/2#issuecomment-975920969

(it seems you're viewing this over email, so you only saw the original version of that comment, if you check the current web version of that comment, you should see that i added an image at the bottom of that comment, which i presume is not part of your email chain)