RTC WI Screenshot Tool fails to run with an Error : "certificate has been revoked. the tool will not run"
We are using RTC 6.0.1 on RHEL with Liberty as app server. While using RTC WI Screenshot Tool, it fails to run with an Error : "certificate has been revoked. the tool will not run".
Here is the error info :
java.security.cert.CertificateRevokedException: Certificate has been revoked, reason: AFFILIATION_CHANGED, revocation date: Fri Jun 06 05:30:00 IST 2014, authority: CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, extension OIDs: []
at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGrantedInt(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:798)
Here is the error info :
java.security.cert.CertificateRevokedException: Certificate has been revoked, reason: AFFILIATION_CHANGED, revocation date: Fri Jun 06 05:30:00 IST 2014, authority: CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, extension OIDs: []
at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGrantedInt(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Thread.java:798)
3 answers
Try this as a workaround...this will not fix your error. IBM will need to implement a patch in order to fix your error. We ran into a similar issue using Rational Asset Manager. This will work as a workaround.
Launch Control Panel, Go into Java control panel, click the advanced tab, under the section "Perform signed code certificate revocation checks on", select Do not check.
edit: I see you're using RHEL. This was a work around for windows. I am not sure how to access Java control panel settings settings in RHEL. I would absolutely open a ticket with IBM support. Odd are, they are aware of this issue, but they should be able to provide you info on when this will be fixed, or if an existing fix has already addressed the issue.
Launch Control Panel, Go into Java control panel, click the advanced tab, under the section "Perform signed code certificate revocation checks on", select Do not check.
edit: I see you're using RHEL. This was a work around for windows. I am not sure how to access Java control panel settings settings in RHEL. I would absolutely open a ticket with IBM support. Odd are, they are aware of this issue, but they should be able to provide you info on when this will be fixed, or if an existing fix has already addressed the issue.
The update site with the renewed certificate is being worked upon and should be available within a day or so... here is more details about the certificate revocation and the renewal :
http://www-01.ibm.com/support/docview.wss?uid=swg21994660
hope this helps