Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

UCS Manager 2.0(1t): Failed to validate certificate. Certificate

Hi,

I have 4 UCS B230M1 Blades and since update to 2.0(1) from 1.4(3q), I can't lauch UCS Manager, java throws the exception: "Certificate has been revoked"

It seems that the certificate used to sign the java code has been revoked, so this is a very important security exception.

How can I solve it?

Nowadays, if I want to run the ucs manager, I must to run the "java control pannel" and uncheck

  - Check certificates for revocation using CRLs

  - Enable Online certificate validation

Here you have the exception details:

un.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate has been revoked

    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:289)

    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:263)

    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:173)

    at sun.security.validator.Validator.validate(Validator.java:218)

    at sun.security.validator.Validator.validate(Validator.java:187)

    at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(TrustDecider.java:601)

    at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(AppPolicy.java:268)

    at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(LaunchDownload.java:1825)

    at com.sun.javaws.LaunchDownload.checkSignedResources(LaunchDownload.java:1508)

    at com.sun.javaws.Launcher.prepareResources(Launcher.java:1232)

    at com.sun.javaws.Launcher.prepareAllResources(Launcher.java:621)

    at com.sun.javaws.Launcher.prepareToLaunch(Launcher.java:327)

    at com.sun.javaws.Launcher.prepareToLaunch(Launcher.java:199)

    at com.sun.javaws.Launcher.launch(Launcher.java:116)

    at com.sun.javaws.Main.launchApp(Main.java:416)

    at com.sun.javaws.Main.continueInSecureThread(Main.java:248)

    at com.sun.javaws.Main$1.run(Main.java:110)

    at java.lang.Thread.run(Thread.java:662)

Caused by: java.security.cert.CertPathValidatorException: Certificate has been revoked

    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)

    at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:328)

    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)

    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)

    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:275)

    ... 17 more



Thanks for your help.


  • Unified Computing
Everyone's tags (5)
28 REPLIES
Cisco Employee

UCS Manager 2.0(1t): Failed to validate certificate. Certificate

Hello Maurici,

What is OS and Java version do you have on the system from where you are trying to launch UCSM ?

Did you try launching UCSM from different system ?

Do you use third party certs or self-signed certs on FI ?

scope security

show keyring detail

Look out for Validity>  Not After  field.

Has it expired ?

Padma

New Member

UCS Manager 2.0(1t): Failed to validate certificate. Certificate

Hello padramas,

I have tried it with windows 7 and gnu/linux:

- Windows 7 java version =  "1.6.0_25"

- Gnu/Linux java version = "1.6.0_26"

I'm using "Keyring Default".

I have regenerated the default key ring (scope security ...), but this hasn't solved the problem.

After regenerating and cleaning certificates in my java runtime, the first time I lauch "ucs manager" it throws this warning:

But the problem hasn't been solved. The java application throws the exception "Certificate has been revoked"

The problem is with the certificate used to sign the code, not used for SSL connections to the UCS.

Thanks for your help.

New Member

UCS Manager 2.0(1t): Failed to validate certificate. Certificate

Hi My Name is saleem,

I have same issue with another customer , running version 1.4 , do you have the document to generate the certicate  ? let me know

Saleem

sroumaldaro@unislumin.com.

Cisco Employee

UCS Manager 2.0(1t): Failed to validate certificate. Certificate

Saleem,

Steps to regenerate self-signed certificate are documented here

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/b_UCSM_CLI_Configuration_Guide_2_0_chapter_0110.html#task_7052CA63F06F49D29F58D6BA1CF99993

Even though it is 2.0 doc, it  also applies for 1.4 version too.

Padma

New Member

Re: UCS Manager 2.0(1t): Failed to validate certificate. Certifi

Hi Padma,

Thanks , will certainly give it a try.

Saleem Roumaldaro

Service Consultant

Softchoice Corporation

Direct:905 847 6800 ext. 5334

Toll free: 888 436 5555

Fax: 905 847 6584

Cisco Employee

UCS Manager 2.0(1t): Failed to validate certificate. Certificate

Maurici,

Not sure why CRL verification and online verification are not enabled in my Java preferences by default ( Fedora 14 , Sun Java v6 U 24 ) or test machine W2K8 with Java v6 Update 30

If I enable it, UCSM fails to launch as the trust certs in the chain ( Verisign ) used by Cisco cert have been revoked.

http://www.verisign.com/repository/crl.html

I will check it out with the development team and will get back to you.

HTH

Padma

Cisco Employee

UCS Manager 2.0(1t): Failed to validate certificate. Certificate

Maurici,

I have submitted following defect to further investigate this issue.

CSCtx30115

Could not launch UCSM Java exception Certification has been revoked

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtx30115

It will take a while to get published.

HTH

Padma

Cisco Employee

UCS Manager 2.0(1t): Failed to validate certificate. Certificate

Maurici,

With this defect, we have replaced the certificate used for signing the jars application.

Once it completes the testing, it would be integrated in next patch release.

Padma

New Member

UCS Manager 2.0(1t): Failed to validate certificate. Certificate

Hi,

I've also been experiencing this issue using the UCS PE appliance, and have spent quite some time trying to resolve what seemed like a local certificate issue.  Can you confirm when the next release of that will be available with this patch?

Also, is there an easy/quicker way to work around this issue without having to redeploy the PE appliance?

The instructions to regenerate a self-signed certificate seem quite involved. Can you advise on the specific proceedure that is required? Is there a way to do this without having to submit to Verisign?

Finally, why would the certificate be revoked? Is the issue with Verisign or the certificates supplied with the PE appliance.

Many Thanks in advance for your help.

Dan

25795
Views
10
Helpful
28
Replies