Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Failed to validate certificate. UCSM 2.1(2a)

Hi,

I seem to have similar problem as reported here: https://supportforums.cisco.com/thread/2124627
However, I'm using firmware 2.1(2a) and Java 7 Update 25.

I installed a valid SSL certificate which works fine (browser has no error in access to the UCS URL), however when launching UCSM following error appears:

Capture.PNG

More info show:

java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: java.io.IOException: extra data given to DerValue constructor

at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)

at com.sun.deploy.security.RevocationChecker.check(Unknown Source)

at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source)

at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)

at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)

at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)

at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)

at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)

at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)

at com.sun.javaws.Launcher.prepareResources(Unknown Source)

at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)

at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)

at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)

at com.sun.javaws.Launcher.launch(Unknown Source)

at com.sun.javaws.Main.launchApp(Unknown Source)

at com.sun.javaws.Main.continueInSecureThread(Unknown Source)

at com.sun.javaws.Main.access$000(Unknown Source)

at com.sun.javaws.Main$1.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException

at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)

... 18 more

Caused by: java.security.cert.CertPathValidatorException: java.io.IOException: extra data given to DerValue constructor

at sun.security.provider.certpath.OCSP.check(Unknown Source)

at sun.security.provider.certpath.OCSP.check(Unknown Source)

at sun.security.provider.certpath.OCSP.check(Unknown Source)

... 19 more

Caused by: java.io.IOException: extra data given to DerValue constructor

at sun.security.util.DerValue.init(Unknown Source)

at sun.security.util.DerValue.<init>(Unknown Source)

at sun.security.provider.certpath.OCSPResponse.<init>(Unknown Source)

... 22 more

Certificate Details show "Cisco Systems" certificate...

The only workaround I found is to set Java control panel Advanced > Perform certificate revocation checks on > Do not check

Anyone else experiencing it?

Everyone's tags (1)
4 REPLIES
Cisco Employee

Failed to validate certificate. UCSM 2.1(2a)

Hello Yuval,

Thanks for starting the new thread.

I just tried with UCSM 2.1.2a and Jave 7 update 25 and did not observe the issue. It has both CRL & OSCP enabled on it but did not have any issues in luanching UCSM.

Can you please paste the screen shot  of " certificate details  " from pop up window ?

Padma

New Member

Failed to validate certificate. UCSM 2.1(2a)

I just realized that the problem is related somehow to a proxy setting.

I changed Java Network settings to "Direct" and it seems to solve it.

Cisco Employee

Failed to validate certificate. UCSM 2.1(2a)

Hello Yuval,

Thanks for sharing the solution.

Padma

New Member

Re: Failed to validate certificate. UCSM 2.1(2a)

Using 2.1.1

CIMC in E140S

But the KVM application does not start due to revoked certificate.

If we keep "perform certificate revocation checks" enabled (as it should be) including using CRL;s, the KVM application will be blocked : "java.security.cert.CertificateRevokedException: Certificate has been revoked, reason: UNSPECIFIED, revocation date: Thu May 05 20:15:10 CEST 2011, auth....".

Java 7 update 45, direct connection.

How to get this working without disabling revocation checks ?

4789
Views
0
Helpful
4
Replies
CreatePlease to create content