I have a customer with SSL VPN enabled, and they are getting an error when trying to start up the webvpnportforward applet. It looks like this error has been discussed on the support forums, but nothing has been resolved. Aside from uninstalling Java SE 6u17 and reinstalling 6u16, is there any fix?
I just encountered this error when trying to use SDM on a router. You're correct that it's caused by u17 of the JRE, which has now disabled MD2 and doesn't appear to give any granular control of which algorithms are enabled or disabled. I tried upgrading to u18 but that didn't solve it either - looks like Sun have decided that it's now defunct.
Anyway, after a lot of messing around I've finally got it working again without downgrading by following the steps below (note that I don't know if this will solve your SSL VPN prob but it seems similar). In summary, the problem is that the applet itself has an MD5 cert but the certificate chain uses MD2 certificates from Verisign.
1. Run Internet Explorer and go to Tools->Options->Advanced and untick the 'use JRE 1.6.blah blah' under the Java (Sun) category. Press OK and restart IE.
2. Open the same URL that was giving you the error. You should get an IE security warning asking if you wish to Run the applet. Click on the View Certificate button.
3. Click on the Certificate Path option and you should see the applet as the third in the chain with two Verisign certificates above it. For each of these Verisign certificates you need to view it, click on the Details tab and then the 'save to file' button to export the certificate. Export each certificate as DER and save somewhere handy.
4. Open the Java control panel application and click on the security tab and then the 'Certificates' button.
5. For each category in the drop down box (Trusted certificates, secure site, secure site ca, signer ca) import both certificates that you previously exported.
6. Click Apply and close the Java control panel.
7. In IE change your advanced option back to using the Sun JRE.
8. Restart IE and it should now work.
Note that for step 5 I'm sure you don't actually need all of the categories but I couldn't be bothered to work out which it is.
This hack works because the JRE doesn't bother checking the algorithm used if the certificate is listed as trusted. I'll attach the two certificates I exported but I can't guarantee that they're the same ones you need for your applet so you're better off following the steps above completely.
Hope this helps you out, looks like a few people are having similar problems too.