Our system admins have upgraded JJRE 1.8.0_341-b31 to 1.8.0_35 1-b31 post which we are unable to run the web-console version 6.10.41 Dollar. With upgraded JRE we get below exception:

JNLPException[category: Security Error : Exception: null : LaunchDesc: 
....
 at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
 at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)

Release : 6.10.41

Component: ADLRUN : DOLLAR UNIVERSE

The cause of the issue is that the upgrade package of JRE 1.8.0.351_b31 have disabled SHA-1 Signed JARs. Please refer the release notes of JRE8u351 for more details.

The jars of Univiewer WebConsole are signed by SHA-1 and henceforth resulting in error in java debug console.

ERROR: Unsigned application requesting unrestricted access to system

    Unsigned resource: http://WEBCONSOLE_URL/uvc/jars/PubCommon.jar
    Unsigned resource: http://WEBCONSOLE_URL/uvc/jars/PubClient.jar

Recommendation:

• Upgrade to Dollar Universe 6.10.101 as the JAR's are signed with  SHA-256, henceforth below changes in interim resolution not required.

Interim Resolution

Follow below step to resolve the issue

• Navigate to JRE 8U351 install directory
• Locate the file lib\security\java.security
• Edit the file
• Remove SHA1 denyAfter 2019-01-01 from the list of disabledAlgorithms
  • Before

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
    DSA keySize < 1024, include jdk.disabled.namedCurves, \

    SHA1 denyAfter 2019-01-01

• • After

    jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
          DSA keySize < 1024, include jdk.disabled.namedCurves

• Save the file
• Relaunch the Univiewer webconsole

To determine the algorithm used for signing jars can be done by running below command and looking for specific algorithm

JAR Algorithm Validation

• Example: jarsigner.exe -verify -verbose -certs webapps\uvc\PubClient.jar