I have 4 UCS B230M1 Blades and since update to 2.0(1) from 1.4(3q), I can't lauch UCS Manager, java throws the exception: "Certificate has been revoked"It seems that the certificate used to sign the java code has been revoked, so this is a very important security exception.
How can I solve it?Nowadays, if I want to run the ucs manager, I must to run the "java control pannel" and uncheck
- Check certificates for revocation using CRLs
- Enable Online certificate validationHere you have the exception details:
un.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked
Caused by: java.security.cert.CertPathValidatorException: Certificate has been revoked
... 17 more
Thanks for your help.
What is OS and Java version do you have on the system from where you are trying to launch UCSM ?
Did you try launching UCSM from different system ?
Do you use third party certs or self-signed certs on FI ?
show keyring detail
Look out for Validity> Not After field.
Has it expired ?
I have tried it with windows 7 and gnu/linux:
- Windows 7 java version = "1.6.0_25"
- Gnu/Linux java version = "1.6.0_26"
I'm using "Keyring Default".
I have regenerated the default key ring (scope security ...), but this hasn't solved the problem.
After regenerating and cleaning certificates in my java runtime, the first time I lauch "ucs manager" it throws this warning:
But the problem hasn't been solved. The java application throws the exception "Certificate has been revoked"
The problem is with the certificate used to sign the code, not used for SSL connections to the UCS.
Thanks for your help.
Hi My Name is saleem,
I have same issue with another customer , running version 1.4 , do you have the document to generate the certicate ? let me know
Steps to regenerate self-signed certificate are documented here
Even though it is 2.0 doc, it also applies for 1.4 version too.
Thanks , will certainly give it a try.
Direct:905 847 6800 ext. 5334
Toll free: 888 436 5555
Fax: 905 847 6584
Not sure why CRL verification and online verification are not enabled in my Java preferences by default ( Fedora 14 , Sun Java v6 U 24 ) or test machine W2K8 with Java v6 Update 30
If I enable it, UCSM fails to launch as the trust certs in the chain ( Verisign ) used by Cisco cert have been revoked.
I will check it out with the development team and will get back to you.
I have submitted following defect to further investigate this issue.
Could not launch UCSM Java exception Certification has been revoked
It will take a while to get published.
With this defect, we have replaced the certificate used for signing the jars application.
Once it completes the testing, it would be integrated in next patch release.
I've also been experiencing this issue using the UCS PE appliance, and have spent quite some time trying to resolve what seemed like a local certificate issue. Can you confirm when the next release of that will be available with this patch?
Also, is there an easy/quicker way to work around this issue without having to redeploy the PE appliance?
The instructions to regenerate a self-signed certificate seem quite involved. Can you advise on the specific proceedure that is required? Is there a way to do this without having to submit to Verisign?
Finally, why would the certificate be revoked? Is the issue with Verisign or the certificates supplied with the PE appliance.
Many Thanks in advance for your help.