Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

UCS Express E140D CIMC KVM certificate revoked

So I've got a bunch of 2951s with E140D blades in them. I need to install ESXi on them but the stinking KVM (accessed through the CIMC) for every one of them comes up with a certificate revoked error.

I just did this for a bunch of C240 M3s without any problem.

The CIMC firmware version is:

2.1(1.20130726203500)

This appears to be the latest--I just uploaded the latest version and the number matches the existing version.

I haven't opened a TAC case yet; I'm having phone issues and the online form doesn't like my serial numbers. However, I am going to miss a deadline because of this.

Here's the java traceback:

java.security.cert.CertificateRevokedException: Certificate has been revoked, reason: AFFILIATION_CHANGED, revocation date: Thu May 05 14:15:10 EDT 2011, authority: CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, extensions: {}

at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)

at com.sun.deploy.security.RevocationChecker.check(Unknown Source)

at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source)

at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)

at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)

at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)

at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)

at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)

at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)

at com.sun.javaws.Launcher.prepareResources(Unknown Source)

at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)

at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)

at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)

at com.sun.javaws.Launcher.launch(Unknown Source)

at com.sun.javaws.Main.launchApp(Unknown Source)

at com.sun.javaws.Main.continueInSecureThread(Unknown Source)

at com.sun.javaws.Main.access$000(Unknown Source)

at com.sun.javaws.Main$1.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

I didn't see anything that looked relevant in the logs.

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: UCS Express E140D CIMC KVM certificate revoked

Hi Michael,

It appears that you are hitting a bug for the E-Series: CSCtx85249.

Will you please follow the workaround for

CSCtx85249    Could not launch KVM Java exception Certification has been

revoked

Symptom    KVM console fails to launch and displays the following Java

exception error:

Certificate has been revoked

sun.security.validator.ValidatorException: PKIX path validation failed:

java.security.cert.CertPathValidatorException: Certificate has been revoked

Workaround    On the client system, disable the Java configuration

parameters from Java control panel do the following:

Step 1  Go to Advanced > Security > General

Step 2  Check certificates for revocation using CRL

Step 3  Enable online certificate validation

If you are using Mac, in addition to changing the Java preferences, you need

to change both CRL and OCSP checking to off

underKeychain>Preferences>Certificates in OSX.

In some scenarios, you would need to do the following if you are a Mac user:

Step 1  Go to Keychain > Certificates. Double-click the associated cisco.com

certificate.

Step 2  Click the Trust right-arrow and select Always Trust from the When

using this certificate dialog box.

Step 3  Restart the browser and connect to the CIMC web

interface.

Please, let me know if this resolves the problem.

Thanks,

-Bruce

3 REPLIES
New Member

Re: UCS Express E140D CIMC KVM certificate revoked

Hi Michael,

It appears that you are hitting a bug for the E-Series: CSCtx85249.

Will you please follow the workaround for

CSCtx85249    Could not launch KVM Java exception Certification has been

revoked

Symptom    KVM console fails to launch and displays the following Java

exception error:

Certificate has been revoked

sun.security.validator.ValidatorException: PKIX path validation failed:

java.security.cert.CertPathValidatorException: Certificate has been revoked

Workaround    On the client system, disable the Java configuration

parameters from Java control panel do the following:

Step 1  Go to Advanced > Security > General

Step 2  Check certificates for revocation using CRL

Step 3  Enable online certificate validation

If you are using Mac, in addition to changing the Java preferences, you need

to change both CRL and OCSP checking to off

underKeychain>Preferences>Certificates in OSX.

In some scenarios, you would need to do the following if you are a Mac user:

Step 1  Go to Keychain > Certificates. Double-click the associated cisco.com

certificate.

Step 2  Click the Trust right-arrow and select Always Trust from the When

using this certificate dialog box.

Step 3  Restart the browser and connect to the CIMC web

interface.

Please, let me know if this resolves the problem.

Thanks,

-Bruce

New Member

Re: UCS Express E140D CIMC KVM certificate revoked

Thanks Bruce! That did the trick.

New Member

UCS Express E140D CIMC KVM certificate revoked

Hi Michael,

Great! I am glad that we were able to resolve this for you.

Thanks.

-Bruce

3307
Views
0
Helpful
3
Replies
CreatePlease to create content