Cannot validate remote-poller code certificate JRE 8u74 or newer
Description
With JRE 8 update 74 or newer, when trying to run remote poller agent on windows (tried 8.1 and 2008), it can't validate certificate for otg.opennms.features.poller.remote.jar.
I think it's related to a Thawte intermediate SHA1 certificate that was removed. Tried to fix it installing old Thawte certs in java vault without luck.
This is the complete exception. It says (translated from spanish): Couldn't verify signature for resource http://...
ava.security.cert.CertificateException: No se ha podido verificar la firma del recurso: http://192.168.3.215:8980/opennms-remoting/webstart/org.opennms.features.poller.remote.jar at com.sun.deploy.security.TrustDecider.ensureAllJarEntriesSigned(Unknown Source) at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source) at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source) at com.sun.deploy.security.TrustDecider.isAllPermissionGrantedInt(Unknown Source) at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source) at com.sun.deploy.security.DeployURLClassLoader.getResourcePermission(Unknown Source) at com.sun.deploy.security.DeployURLClassLoader.getResourceAsStream(Unknown Source) at org.springframework.core.io.ClassPathResource.getInputStream(ClassPathResource.java:166) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:329) at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:303) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:180) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:216) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:187) at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:251) at org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:127) at org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:93) at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:129) at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:540) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:454) at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139) at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:93) at org.opennms.poller.remote.Main.createAppContext(Main.java:294) at org.opennms.poller.remote.Main.run(Main.java:167) at org.opennms.poller.remote.Main.main(Main.java:398) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at com.sun.javaws.Launcher.executeApplication(Unknown Source) at com.sun.javaws.Launcher.executeMainClass(Unknown Source) at com.sun.javaws.Launcher.doLaunchApp(Unknown Source) at com.sun.javaws.Launcher.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: com.sun.deploy.net.JARSigningException: No se ha podido verificar la firma del recurso: http://192.168.3.215:8980/opennms-remoting/webstart/org.opennms.features.poller.remote.jar ... 33 more
Made a few changes to the way JNLP stuff is handled and backported Markus's "run-expensive-tasks" support to the release-18.0.3 branch and I can confirm that with these packages, everything runs fine with a modern JDK.
Seth Leger September 19, 2016 at 5:06 PM
This should be resolved when we renew our JAR-signing certificate.
With JRE 8 update 74 or newer, when trying to run remote poller agent on windows (tried 8.1 and 2008), it can't validate certificate for otg.opennms.features.poller.remote.jar.
I think it's related to a Thawte intermediate SHA1 certificate that was removed. Tried to fix it installing old Thawte certs in java vault without luck.
This is the complete exception. It says (translated from spanish): Couldn't verify signature for resource http://...
ava.security.cert.CertificateException: No se ha podido verificar la firma del recurso: http://192.168.3.215:8980/opennms-remoting/webstart/org.opennms.features.poller.remote.jar
at com.sun.deploy.security.TrustDecider.ensureAllJarEntriesSigned(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGrantedInt(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.deploy.security.DeployURLClassLoader.getResourcePermission(Unknown Source)
at com.sun.deploy.security.DeployURLClassLoader.getResourceAsStream(Unknown Source)
at org.springframework.core.io.ClassPathResource.getInputStream(ClassPathResource.java:166)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:329)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:303)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:180)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:216)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:187)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:251)
at org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:127)
at org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:93)
at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:129)
at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:540)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:454)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:93)
at org.opennms.poller.remote.Main.createAppContext(Main.java:294)
at org.opennms.poller.remote.Main.run(Main.java:167)
at org.opennms.poller.remote.Main.main(Main.java:398)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: com.sun.deploy.net.JARSigningException: No se ha podido verificar la firma del recurso: http://192.168.3.215:8980/opennms-remoting/webstart/org.opennms.features.poller.remote.jar
... 33 more
Regards,
Tomás