Modify

Opened 3 years ago

Closed 3 years ago

Last modified 21 months ago

#14118 closed defect (fixed)

JOSM doesn't start - CertificateException: Response is unreliable: its validity interval is out-of-date

Reported by: Klumbumbus Owned by: team
Priority: blocker Milestone: 16.12
Component: Core Webstart Version:
Keywords: Cc: stoecker

Description

I can't start josm or josm-latest via jnlp since today. josm-latest.jnlp is downloaded fresh from server.
I get this error:

Java Web Start 11.111.2.14 x86
JRE-Version verwenden 1.8.0_111-b14 Java HotSpot(TM) Client VM
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Response is unreliable: its validity interval is out-of-date
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.security.AccessController.doPrivilegedWithCombiner(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
	at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
	at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
	at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)
	at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable(Unknown Source)
	at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown Source)
	at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
	at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
	at com.sun.javaws.Launcher.updateFinalLaunchDesc(Unknown Source)
	at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
	at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
	at com.sun.javaws.Launcher.launch(Unknown Source)
	at com.sun.javaws.Main.launchApp(Unknown Source)
	at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
	at com.sun.javaws.Main.access$000(Unknown Source)
	at com.sun.javaws.Main$1.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Response is unreliable: its validity interval is out-of-date
	at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
	at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
	at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
	at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
	at com.sun.deploy.security.RevocationCheckHelper.checkRevocationStatus(Unknown Source)
	at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
	at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
	at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
	... 34 more
	Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException
		at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
		... 41 more
Caused by: java.security.cert.CertPathValidatorException: Response is unreliable: its validity interval is out-of-date
	at sun.security.provider.certpath.OCSPResponse.verify(Unknown Source)
	at sun.security.provider.certpath.OCSP.check(Unknown Source)
	at sun.security.provider.certpath.OCSP.check(Unknown Source)
	at sun.security.provider.certpath.OCSP.check(Unknown Source)
	at com.sun.deploy.security.RevocationChecker$2.run(Unknown Source)
	at com.sun.deploy.security.RevocationChecker$2.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at com.sun.deploy.security.RevocationChecker.doPrivilegedOCSPCheck(Unknown Source)
	... 42 more

Attachments (0)

Change History (9)

comment:1 Changed 3 years ago by rehan727@…

Facing this issue myself as well.

comment:2 Changed 3 years ago by Klumbumbus

BTW: the jnlp file contains <j2se version="1.7+"/> shouldn't it be 1.8+?

comment:3 in reply to:  2 Changed 3 years ago by Don-vip

Replying to Klumbumbus:

BTW: the jnlp file contains <j2se version="1.7+"/> shouldn't it be 1.8+?

Yes. Fixed

comment:4 Changed 3 years ago by Don-vip

Milestone: 16.12

comment:5 Changed 3 years ago by Don-vip

Cc: stoecker added

I don't understand why we get the error, I indeed revoked a certificate but I'm sure we're using another one. I have contacted Certum, I hope they'll answer tomorrow.

@Dirk, team: After three years I'm really tired of certificate management issues and do not longer want to do it next year, is there someone who's willing to pick up?

comment:6 Changed 3 years ago by stoecker

If necessary I'll do it, but actually I hate that too...

But I manage many dozens of certificates, so some more don't count.

Last edited 3 years ago by stoecker (previous) (diff)

comment:7 Changed 3 years ago by Klumbumbus

jnlp works for me again

comment:8 Changed 3 years ago by Don-vip

I changed nothing, looks like Certum fixed the issue on their side. Waiting for their feedback before closing the ticket.

comment:9 Changed 3 years ago by Don-vip

Resolution: fixed
Status: newclosed

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain team.
as The resolution will be set.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.