Unable to load Web Console on SPE 7.0.5 when using JAVA 1.8.0_131 or higher.

book

Article ID: 169699

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS

Issue/Introduction

JDK/JRE 1.8.0_131 release introduced a new restriction on how MD5 signed JAR files are verified. If the signed JAR file uses MD5, signature verification operations will ignore the signature and treat the JAR as if it were unsigned.

8u131 Update Release Notes

e.g.)

- 1.8.0.121

$ /usr/java/jdk1.8.0_121/bin/jarsigner -verbose -verify /opt/SYMCScan/bin/guijar.jar
...
- Signed by "CN=Symantec Corporation, OU=IT_Security, O=Symantec Corporation, L=Pune, ST=Maharashtra, C=IN"
    Digest algorithm: SHA1
    Signature algorithm: MD5withRSA, 2048-bit key

jar verified.

- 1.8.0.131

$ /usr/java/jdk1.8.0_131/bin/jarsigner -verbose -verify /opt/SYMCScan/bin/guijar.jar
...
- Signed by "CN=Symantec Corporation, OU=IT_Security, O=Symantec Corporation, L=Pune, ST=Maharashtra, C=IN"
    Digest algorithm: SHA1
    Signature algorithm: MD5withRSA (weak), 2048-bit key

WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:

  jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

Resolution

Please apply re-signed jar files, which are attached herewith.

1. Stop the Symantec Protection Engine service.
2. Go to the Symantec Protection Engine installation directory.

    Default path for Windows:      C:\Program Files (x86)\Symantec\Scan Engine
    Default path for Linux/Solaris: /opt/SYMCScan/bin/

3. Take the back up of the following JARs from the installation directory.
    
- certinstall.jar  
- guijar.jar  
- serializer.jar  
- servers.jar  
- xalan.jar  
- xercesImpl.jar  
- xml-apis.jar    

4. Replace the JARs with JARs provided in the hotfix
5. Make sure that the permissions and ownershp of all the newly copied files are same as the backed up files.
6. Start the Symantec Protection Engine service and access the console.

Attachments

SPE_7.0.5_HF05.zip get_app