Unable to launch the Edge SWG (formerly ProxySG) Java Management Console after updating JRE on client to Java 8 update 351.
search cancel

Unable to launch the Edge SWG (formerly ProxySG) Java Management Console after updating JRE on client to Java 8 update 351.

book

Article ID: 252815

calendar_today

Updated On:

Products

ProxySG Software - SGOS Advanced Secure Gateway Software - ASG ISG Proxy

Issue/Introduction

When trying to execute JNLP launcher for the Edge SWG Management console, it fails to launch and the error provided is:

Error: Unsigned application requesting  unrestricted access to system

Environment

Updated Java/JRE to Java 8 Update 351 or later

Cause

Some Java Management Console (JavaMC) jar files are not signed with a method compatible with Java 8 Update 351 or later

Resolution

To manage the ProxySG/Edge SWG use the SG Admin Console, which is the successor to the Java-based Management Console.

For information on the future of the Java-based Management Console and the SGAC, refer to:

Broadcom is not updating the EdgeSWG(ProxySG) JavaMC to be supported on Java/JRE 1.8.0_351 or later.

For those that still wish to use the Java-based console, the following workarounds are currently available:

Workarounds

Choose one of the three methods to work around this issue.

Method 1: Revert to an old version of Java/JRE

Uninstall Java/JRE 8 351 and then install Java/JRE 8 update 341 or an earlier version.

Method 2: Modify the java.security file

(Important Note:  Newer versions of Java require additional modifications.  Original change was for Java 8 Update 351.  Additional modifications might need to be done to work for Java 8 update 361 or higher versions).

Change required for  Java 8 Update 351

Modify the java.security file as Administrator edit "C:\Program Files (x86)\Java\jre1.8.0_351\lib\security\java.security" Search for and comment the following line: "jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \"
find the lines:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      DSA keySize < 1024, include jdk.disabled.namedCurves, \
      SHA1 denyAfter 2019-01-01

Comment out the "SHA1 denyAfter 2019-01-01" line, but also need to remove the ", \" on the preceding line. So should look like:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      DSA keySize < 1024, include jdk.disabled.namedCurves
#      SHA1 denyAfter 2019-01-01

Additional change required for Java 8 Update 361 or later (Tested up to Java 8 Update 381).

Comment out the "SHA1 usage SignedJAR & denyAfter 2019-01-01" line, but also need to remove the ", \" on the preceding line. So should look like:

jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
    include jdk.disabled.namedCurves
# disabled for KB 252815
#    , \
#    SHA1 usage SignedJAR & denyAfter 2019-01-01

Save and re-launch the Java Management Console JNLP launcher. 

Method 3: Utilize the Java/JRE 8 update 341 executable to launch the Java Management Console JNLP launcher

Use the Java/JRE 8 update 341 to only launch the management console's *.jnlp file. Use the Java/JRE 8 update 351 for other java applications. 

Locate the bin folder for Java/JRE 8 update 341 and launch the *.jnlp file manually using command prompt.

 

Additional Information

Clicking on Launch Tab on the error box contained the following info:

<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.5+" codebase="https://192.168.68.250:8082" href="Secure/Local/console/r278442/mc.jnlp" version="2.0">
    <information>
        <title>Launch the Management Console with Java Web Start</title>
        <vendor>Symantec Corporation</vendor>
    </information>
    <security>
        <all-permissions />
    </security>
    <resources>
        <java version="1.8+" href="http://java.sun.com/products/autodl/j2se"
         java-vm-args="--add-opens=java.base/java.net=ALL-UNNAMED --add-exports=jdk.javaws/com.sun.jnlp=ALL-UNNAMED --add-opens=java.base/sun.net.www.protocol.http=ALL-UNNAMED --add-exports=java.base/sun.net.www.protocol.jar=ALL-UNNAMED --add-opens=jdk.deploy/com.sun.deploy.net.protocol.jar=ALL-UNNAMED --add-exports=jdk.deploy/com.sun.deploy.security=ALL-UNNAMED --add-opens=jdk.deploy/com.sun.deploy.net.protocol.https=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/javax.swing.plaf.basic=ALL-UNNAMED -Djdk.tls.useExtendedMasterSecret=false" />
        <jar href="Secure/Local/console/r278442/loader.jar" main="true" />
        <jar href="Secure/Local/console/r278442/applets.jar" />
        <jar href="Secure/Local/console/r278442/sgcommon.jar" />
        <jar href="Secure/Local/console/r278442/VPM.jar" />
        <jar href="Secure/Local/console/r278442/vpmhelp.jar"/>
    </resources>
    <application-desc main-class="bluecoat.sgos.ui.loader.SG_UIAppJavaWebStart" />
</jnlp>

Clicking on Exception Tab shows

JNLPException[category: Security Error : Exception: null : LaunchDesc: 
<jnlp spec="1.5+" codebase="https://192.168.68.250:8082" href="Secure/Local/console/r278442/mc.jnlp" version="2.0">
  <information>
    <title>Launch the Management Console with Java Web Start</title>
    <vendor>Symantec Corporation</vendor>
  </information>
  <security>
    <all-permissions/>
  </security>
  <resources>
    <java version="1.8+" href="http://java.sun.com/products/autodl/j2se" java-vm-args="--add-opens=java.base/java.net=ALL-UNNAMED --add-exports=jdk.javaws/com.sun.jnlp=ALL-UNNAMED --add-opens=java.base/sun.net.www.protocol.http=ALL-UNNAMED --add-exports=java.base/sun.net.www.protocol.jar=ALL-UNNAMED --add-opens=jdk.deploy/com.sun.deploy.net.protocol.jar=ALL-UNNAMED --add-exports=jdk.deploy/com.sun.deploy.security=ALL-UNNAMED --add-opens=jdk.deploy/com.sun.deploy.net.protocol.https=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/javax.swing.plaf.basic=ALL-UNNAMED -Djdk.tls.useExtendedMasterSecret=false"/>
    <jar href="Secure/Local/console/r278442/loader.jar" main="true"/>
    <jar href="Secure/Local/console/r278442/applets.jar"/>
    <jar href="Secure/Local/console/r278442/sgcommon.jar"/>
    <jar href="Secure/Local/console/r278442/VPM.jar"/>
    <jar href="Secure/Local/console/r278442/vpmhelp.jar"/>
  </resources>
  <application-desc main-class="bluecoat.sgos.ui.loader.SG_UIAppJavaWebStart"/>
</jnlp> ]
 at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
 at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
 at com.sun.javaws.Launcher.prepareResources(Unknown Source)
 at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
 at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
 at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
 at com.sun.javaws.Launcher.launch(Unknown Source)
 at com.sun.javaws.Main.launchApp(Unknown Source)
 at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
 at com.sun.javaws.Main.access$000(Unknown Source)
 at com.sun.javaws.Main$1.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)

 

Attachments

1690384695885__java.security get_app
Powered by Wolken Software