search cancel

Unable to launch ProxySG Web Management Console after updating JRE on client to Jave 8 Updated 351.

book

Article ID: 252815

calendar_today

Updated On:

Products

ProxySG Software - SGOS Advanced Secure Gateway Software - ASG ISG Proxy

Issue/Introduction

When trying to execute the jnlp to launch the ProxySG Management console we get error.  If click on details button we see:

Error: Unsigned application requesting  unrestricted access to system

Environment

Updated java/jre on Windows workstation to :  Java 8 Update 351

Cause

Some jar files not properly signed that Web Management Console uses.

Resolution

Reported to Engineering

The SG Admin Console is the successor to the Java-based Management Console. The best resolution would be to use the SG Admin Console moving forward. For information on the future of the Java-based Management Console and the SGAC, refer to the following KB article: https://knowledge.broadcom.com/external/article/251426 . For those that still wish to use the Java based console, the following workarounds are available:

Workaround

 1) Either uninstall JRE 8 351 and then install JRE8 341 or earlier version.  
or
 2) Modify the java.security file  As Administrator edit "C:\Program Files (x86)\Java\jre1.8.0_351\lib\security\java.security" Search for and comment the following line: "jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \"
find the lines:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      DSA keySize < 1024, include jdk.disabled.namedCurves, \
      SHA1 denyAfter 2019-01-01

We need to comment out the "SHA1 denyAfter 2019-01-01" line, but also need to remove the ", \" on the preceding line. So should look like:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      DSA keySize < 1024, include jdk.disabled.namedCurves
#      SHA1 denyAfter 2019-01-01

Save and re-launch jnlp. 

or

3) Use the JRE8 341 to only launch the management console's *.jnlp file. Use the JRE8 351 for other java applications. 

Locate the bin folder for JRE8 341 and launch the *.jnlp file manually using command prompt.

 

Additional Information

Clicking on Launch Tab on the error box contained following full info

<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.5+" codebase="https://192.168.68.250:8082" href="Secure/Local/console/r278442/mc.jnlp" version="2.0">
    <information>
        <title>Launch the Management Console with Java Web Start</title>
        <vendor>Symantec Corporation</vendor>
    </information>
    <security>
        <all-permissions />
    </security>
    <resources>
        <java version="1.8+" href="http://java.sun.com/products/autodl/j2se"
         java-vm-args="--add-opens=java.base/java.net=ALL-UNNAMED --add-exports=jdk.javaws/com.sun.jnlp=ALL-UNNAMED --add-opens=java.base/sun.net.www.protocol.http=ALL-UNNAMED --add-exports=java.base/sun.net.www.protocol.jar=ALL-UNNAMED --add-opens=jdk.deploy/com.sun.deploy.net.protocol.jar=ALL-UNNAMED --add-exports=jdk.deploy/com.sun.deploy.security=ALL-UNNAMED --add-opens=jdk.deploy/com.sun.deploy.net.protocol.https=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/javax.swing.plaf.basic=ALL-UNNAMED -Djdk.tls.useExtendedMasterSecret=false" />
        <jar href="Secure/Local/console/r278442/loader.jar" main="true" />
        <jar href="Secure/Local/console/r278442/applets.jar" />
        <jar href="Secure/Local/console/r278442/sgcommon.jar" />
        <jar href="Secure/Local/console/r278442/VPM.jar" />
        <jar href="Secure/Local/console/r278442/vpmhelp.jar"/>
    </resources>
    <application-desc main-class="bluecoat.sgos.ui.loader.SG_UIAppJavaWebStart" />
</jnlp>

Clicking on Exception Tab shows

JNLPException[category: Security Error : Exception: null : LaunchDesc: 
<jnlp spec="1.5+" codebase="https://192.168.68.250:8082" href="Secure/Local/console/r278442/mc.jnlp" version="2.0">
  <information>
    <title>Launch the Management Console with Java Web Start</title>
    <vendor>Symantec Corporation</vendor>
  </information>
  <security>
    <all-permissions/>
  </security>
  <resources>
    <java version="1.8+" href="http://java.sun.com/products/autodl/j2se" java-vm-args="--add-opens=java.base/java.net=ALL-UNNAMED --add-exports=jdk.javaws/com.sun.jnlp=ALL-UNNAMED --add-opens=java.base/sun.net.www.protocol.http=ALL-UNNAMED --add-exports=java.base/sun.net.www.protocol.jar=ALL-UNNAMED --add-opens=jdk.deploy/com.sun.deploy.net.protocol.jar=ALL-UNNAMED --add-exports=jdk.deploy/com.sun.deploy.security=ALL-UNNAMED --add-opens=jdk.deploy/com.sun.deploy.net.protocol.https=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/javax.swing.plaf.basic=ALL-UNNAMED -Djdk.tls.useExtendedMasterSecret=false"/>
    <jar href="Secure/Local/console/r278442/loader.jar" main="true"/>
    <jar href="Secure/Local/console/r278442/applets.jar"/>
    <jar href="Secure/Local/console/r278442/sgcommon.jar"/>
    <jar href="Secure/Local/console/r278442/VPM.jar"/>
    <jar href="Secure/Local/console/r278442/vpmhelp.jar"/>
  </resources>
  <application-desc main-class="bluecoat.sgos.ui.loader.SG_UIAppJavaWebStart"/>
</jnlp> ]
 at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
 at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
 at com.sun.javaws.Launcher.prepareResources(Unknown Source)
 at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
 at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
 at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
 at com.sun.javaws.Launcher.launch(Unknown Source)
 at com.sun.javaws.Main.launchApp(Unknown Source)
 at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
 at com.sun.javaws.Main.access$000(Unknown Source)
 at com.sun.javaws.Main$1.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)

 

Attachments