ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Unable to load OneClick Client: RevocationChecker$StatusUnknownException Connection reset

book

Article ID: 227042

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction


javax.net.ssl.SSLHandshakeException: com.sun.deploy.security.RevocationChecker$StatusUnknownException: java.net.SocketException: Connection reset

 

When trying to open oneclick console I receive the following error:

<?xml version="1.0" encoding="utf-8"?>
<!-- JNLP File for Session Client -->
<jnlp spec="1.0+" codebase="https://OneClickServer.acme.net:8443/spectrum"  href="">
  <information>
    <title>DX NetOps Spectrum OneClick Console on OneClickServer.acme.net</title>
    <vendor>CA Technologies, A Broadcom Company</vendor>
    <homepage href="index.jsp"/>
    <description>DX NetOps Spectrum OneClick Console</description>
    <description kind="short">DX NetOps Spectrum OneClick Console</description>
    <icon href="images/i_icon.jpg"/>
    <!-- <offline-allowed/> -->
  </information>

  <security>
    <all-permissions/>
  </security>

    <!-- If you wish to force 64bit or 32bit OC client, replace <resources> tag with one that
         specifies an architecture - "amd64" for x64 and "x86" for x32, see below examples.

         You can copy oneclick.jnlp to oneclick32.jnlp or oneclick64.jnlp, and customize platform & memory,
         and then new launch points will be added automatically to OC admin page.

         Note: For arch specifiers to work properly, you must exactly match the JRE version or
               make sure the "Allow new versions" checkbox is checked in the supported
               JRE Version configuration.

  <resources arch="amd64"> 
  <resources arch="x86">
    -->
  <resources>

    <!-- This is used for the alarm notification dialog and will
         prevent the background color from being shown, so you will
         not get a flash of color.  In order for this property to
         be set you need to have the following
           deployment.javaws.secure.properties=sun.awt.noerasebackground
         in the deployment.config file which lives in 
           <Windows Directory>\Sun\Java\Deployment\deployment.config on Windows
              and
           /etc/.java/deployment/deployment.config on Unix.
    -->
    <property name="sun.awt.noerasebackground" value="true"/>
    <!-- To get rid of Java Authentication Required dialog -->
    <property name="javaws.cfg.jauthenticator" value="true" />

    <j2se version="1.8.0_292+" java-vm-args="--add-modules=java.se.ee" href="http://java.sun.com/products/autodl/j2se"
          initial-heap-size="96m" max-heap-size="1024m"/>

    <jar href="lib/clientconsole.jar;no_javaws_cheat"/>
    <jar href="lib/clientalarm.jar;no_javaws_cheat"/>
    <jar href="lib/clienttopo.jar;no_javaws_cheat"/>
    <jar href="lib/jgraphx.jar;no_javaws_cheat"/>
    <jar href="lib/webswing-api.jar;no_javaws_cheat"/>
    <jar href="lib/clientapp.jar;no_javaws_cheat"/>
    <jar href="lib/clientevent.jar;no_javaws_cheat"/>
    <jar href="lib/clientadmin.jar;no_javaws_cheat"/>
    <jar href="lib/util.jar;no_javaws_cheat"/>
    <jar href="lib/utilsrv.jar;no_javaws_cheat"/>
    <jar href="lib/utilnet.jar;no_javaws_cheat"/>
    <jar href="lib/utilapp.jar;no_javaws_cheat"/>
    <jar href="lib/utilgui.jar;no_javaws_cheat"/>
    <jar href="lib/jecds.jar;no_javaws_cheat"/>
    <jar href="lib/global.jar;no_javaws_cheat"/>
    <jar href="lib/productsuite.jar;no_javaws_cheat"/>
    <jar href="lib/jdom.jar;no_javaws_cheat"/>
    <jar href="lib/xercesImpl.jar;no_javaws_cheat"/>
    <jar href="lib/xml-apis.jar;no_javaws_cheat"/>
    <jar href="lib/commons-collections.jar;no_javaws_cheat"/>
    <jar href="lib/mindterm.jar;no_javaws_cheat"/>
    <jar href="lib/oneclickclient.jar;no_javaws_cheat"/>
    <jar href="lib/occversion.jar;no_javaws_cheat"/>
    <jar href="lib/icu4j-55_2.jar;no_javaws_cheat"/>
    <extension name="RSA Crypto-J" href="cryptoj.jnlp"/>
    <!-- To use embedded browser in OneClick, you need to copy
         3rd party jars from CDs (DJNativeSwing.jar, DJNativeSwing-SWT.jar,
         swt-win32.jar, swt-wlinux.jar, jna.jar)
         to <...>/tomcat/webapps/spectrum/lib, and uncomment
         following line.
    -->
    <!--
    <extension name="Embedded Browser" href="embedded-browser.jnlp"/>
    -->
    <jar href="lib/contrib/clientjdcm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientbluct.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientmotbb.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientligowav.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientnege.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientacpa.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientmib.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientwily.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientmpls.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientfndry.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientmmsw.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clienthost.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientveloe.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientiprm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientcommscp.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientntscr.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clienthuawe.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientpoly.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientsvdsk.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clienthpprocurve.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clienthstca.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientvdm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientfeye.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientqos.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clienthph3c.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientaruba.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clienteffip.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientsanm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientmerak.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clienthirs.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientsdm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/json.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientcpqnk.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientpcktr.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientec.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientcluster.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientsvpk.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientcrpo.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientf5bigip.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientionmm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientvptl.jar;no_javaws_cheat"/>
<jar href="lib/contrib/version.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientften.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clienttoshi.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientgigam.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientsdn.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientmitsu.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientgeltr.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clienteventcorrelation.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientjunpr.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientpalo.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientvorm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientvpls.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientpolicy.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientavin.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientrvbed.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientadisc.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientmulticast.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientscm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientextrm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientapc.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientcrsbm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientnetqos.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientcitrix.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientfubld.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientinfoblox.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clienttelco.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientntopt.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientteldat.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientcivpn.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clienthpbld.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientwlc.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientvhm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientalctl.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientfosc.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientwwpck.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientspm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientadva.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientlmtmgr.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientavoc.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientmtel.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientnetop.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientrex.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientadtrn.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientcisco.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientmtrix.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientairsp.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientoacc.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientharis.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientades.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientaudc.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientroam.jar;no_javaws_cheat"/>
<jar href="lib/contrib/utilncm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientrosc.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientmotnt.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientcmls.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientslm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientciucs.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientrcom.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientversa.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientcss.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientsecu.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientliebt.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientlancm.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientforti.jar;no_javaws_cheat"/>
<jar href="lib/contrib/clientmisen.jar;no_javaws_cheat"/>
<jar href="lib/cont
jnlp file truncated after 10K

*************************************************

javax.net.ssl.SSLHandshakeException: com.sun.deploy.security.RevocationChecker$StatusUnknownException: java.net.SocketException: Connection reset
 at sun.security.ssl.Alert.createSSLException(Unknown Source)
 at sun.security.ssl.TransportContext.fatal(Unknown Source)
 at sun.security.ssl.TransportContext.fatal(Unknown Source)
 at sun.security.ssl.TransportContext.fatal(Unknown Source)
 at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
 at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
 at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
 at sun.security.ssl.SSLHandshake.consume(Unknown Source)
 at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
 at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
 at sun.security.ssl.TransportContext.dispatch(Unknown Source)
 at sun.security.ssl.SSLTransport.decode(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.security.AccessController.doPrivilegedWithCombiner(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
 at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
 at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
 at com.sun.deploy.net.BasicHttpRequest.doHeadRequestEX(Unknown Source)
 at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable(Unknown Source)
 at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown Source)
 at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
 at com.sun.deploy.cache.ResourceProviderImpl.getJreResource(Unknown Source)
 at com.sun.javaws.LaunchDownload._downloadExtensionsHelper(Unknown Source)
 at com.sun.javaws.LaunchDownload.downloadExtensionsHelper(Unknown Source)
 at com.sun.javaws.LaunchDownload.downloadExtensions(Unknown Source)
 at com.sun.javaws.Launcher.prepareLaunchFile(Unknown Source)
 at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
 at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
 at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
 at com.sun.javaws.Launcher.launch(Unknown Source)
 at com.sun.javaws.Main.launchApp(Unknown Source)
 at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
 at com.sun.javaws.Main.access$000(Unknown Source)
 at com.sun.javaws.Main$1.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)
Caused by: com.sun.deploy.security.RevocationChecker$StatusUnknownException: java.net.SocketException: Connection reset
 at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
 at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
 at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
 at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
 at com.sun.deploy.security.RevocationCheckHelper.checkRevocationStatus(Unknown Source)
 at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
 at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
 at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
 ... 42 more
 Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException: sun.security.provider.certpath.PKIX$CertStoreTypeException: java.net.SocketException: Connection reset
  at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
  ... 49 more
 Caused by: sun.security.provider.certpath.PKIX$CertStoreTypeException: java.net.SocketException: Connection reset
  at sun.security.provider.certpath.URICertStore.engineGetCRLs(Unknown Source)
  at java.security.cert.CertStore.getCRLs(Unknown Source)
  at sun.security.provider.certpath.DistributionPointFetcher.getCRL(Unknown Source)
  at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(Unknown Source)
  at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(Unknown Source)
  at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(Unknown Source)
  at com.sun.deploy.security.RevocationChecker$3.run(Unknown Source)
  at com.sun.deploy.security.RevocationChecker$3.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sun.deploy.security.RevocationChecker.getCRLsPrivileged(Unknown Source)
  ... 50 more
 Caused by: java.net.SocketException: Connection reset
  at java.net.SocketInputStream.read(Unknown Source)
  at java.net.SocketInputStream.read(Unknown Source)
  at java.io.BufferedInputStream.fill(Unknown Source)
  at java.io.BufferedInputStream.read1(Unknown Source)
  at java.io.BufferedInputStream.read(Unknown Source)
  at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
  at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
  at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at java.security.AccessController.doPrivilegedWithCombiner(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
  ... 60 more
Caused by: java.net.SocketException: Connection reset
 at java.net.SocketInputStream.read(Unknown Source)
 at java.net.SocketInputStream.read(Unknown Source)
 at java.io.BufferedInputStream.fill(Unknown Source)
 at java.io.BufferedInputStream.read1(Unknown Source)
 at java.io.BufferedInputStream.read(Unknown Source)
 at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
 at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
 at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.security.AccessController.doPrivilegedWithCombiner(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
 at sun.security.provider.certpath.OCSP.getOCSPBytes(Unknown Source)
 at sun.security.provider.certpath.OCSP.check(Unknown Source)
 at sun.security.provider.certpath.OCSP.check(Unknown Source)
 at com.sun.deploy.security.RevocationChecker$2.run(Unknown Source)
 at com.sun.deploy.security.RevocationChecker$2.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at com.sun.deploy.security.RevocationChecker.doPrivilegedOCSPCheck(Unknown Source)
 ... 50 more

Cause


When java processes the jar files that make up the OneClick console it checks the SSL Certificate used to sign
   the jar files to identify the validity of the software vendor (CA Technologies / Broadcom in this case). 

Part of this process is to verify that the certificate used has not been revoked using a OCSP revocation check to
   the Certificate Authority's server. In the case of NetOps 21.2.x the jar files are signed by Symantec and Digicert so
   OCSP calls via HTTP are made to those external servers to verify the certificates are still valid. The calls here are
   failing and in turn JRE does not continue to load the console.


Environment

Release : 21.2.x

Component : Spectrum OneClick

Resolution


In this case, there had been network changes made which blocked the HTTP calls to Symantec and Digicerts certificate
   servers causing the console to fail to launch (connection reset). The changes made in the network were corrected.