search cancel

Webconsole failed to run with Java updated to 1.8.0_351-b31

book

Article ID: 254772

calendar_today

Updated On:

Products

CA Automic Dollar Universe

Issue/Introduction

Our system admins have upgraded JJRE 1.8.0_341-b31 to 1.8.0_35 1-b31 post which we are unable to run the web-console version 6.10.41 Dollar. With upgraded JRE we get below exception:

JNLPException[category: Security Error : Exception: null : LaunchDesc: 
....
 at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
 at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)

Environment

Release : 6.10.41

Component: ADLRUN : DOLLAR UNIVERSE

Cause

The cause of the issue is that the upgrade package of JRE 1.8.0.351_b31 have disabled SHA-1 Signed JARs. Please refer the release notes of JRE8u351 for more details.

The jars of Univiewer WebConsole are signed by SHA-1 and henceforth resulting in error in java debug console.

ERROR: Unsigned application requesting unrestricted access to system

    Unsigned resource: http://WEBCONSOLE_URL/uvc/jars/PubCommon.jar
    Unsigned resource: http://WEBCONSOLE_URL/uvc/jars/PubClient.jar

Resolution

Recommendation:

  • Upgrade to Dollar Universe 6.10.101 as the JAR's are signed with  SHA-256, henceforth below changes in interim resolution not required.

Interim Resolution

Follow below step to resolve the issue

  • Navigate to JRE 8U351 install directory
  • Locate the file lib\security\java.security
  • Edit the file
  • Remove SHA1 denyAfter 2019-01-01 from the list of disabledAlgorithms
    • Before

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
    DSA keySize < 1024, include jdk.disabled.namedCurves, \

    SHA1 denyAfter 2019-01-01

    • After

      jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
            DSA keySize < 1024, include jdk.disabled.namedCurves

  • Save the file
  • Relaunch the Univiewer webconsole

Additional Information

To determine the algorithm used for signing jars can be done by running below command and looking for specific algorithm

JAR Algorithm Validation

  • Example: jarsigner.exe -verify -verbose -certs webapps\uvc\PubClient.jar