This discussion is archived
71 Replies Latest reply: Nov 19, 2012 2:59 PM by EJP
  • 15. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    RogerL (Oracle) Java Champion
    New response as of March 23.

    Unchecking those items will NOT prevent the error messages. The check boxes are related to the running of applets/applications that are signed. Unchecking those is not something that should be done for any length of time. The revocation list check really should be left in place as it could result in making a machine less secure when encountering applets/applications.

    ----------- Old response. ------------------------
    Unchecking those items will likely prevent the error messages. Though, unchecking those is not something that should be done for any length of time. The revocation list check really should be left in place as it could result in making a machine less secure.
    ----------- Old response. ------------------------

    -Roger


    Edited by: RogerL (Oracle) on Mar 23, 2012 2:51 PM
  • 16. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    921255 Newbie
    Roger,

    Basically we install Update 31 and within 5-20 minutes the end user is looking at this security alert. We assumed it could possibly be our web filter however our entire Windows footprint (Mostly W7x32 SP1 with IE9, with a sprinkling of W7x64 SP1 with IE9 and some legacy XP SP3 with IE8) however our SA's are globally bypassed from the filter and are still getting it - nonetheless I just now whitelisted the usertrust.com domain and we will see where that goes.

    Again, if we downrev our users to Update 30, the problem goes away so it's something that changed between 30 and 31.
  • 17. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    RogerL (Oracle) Java Champion
    Thanks that is very helpful.

    The error is being seen on some of the machines or all machines once 6u31 is installed?
    Do you have any machines with the 6u31 64bit JRE installed? Is the error being seen there?

    -Roger
  • 18. Re: Security Alert / Revocation info for the sec cert since installing JRE
    924614 Newbie
    In my case it automatically updates to the point of asking me first...then I allow it to continue. According to my computer it says it updated on March 17, 2012 but the message popup did not show up until later on the 17th when Windows said I needed some security updates to be done to the computer...actually have not seen any more popups after the Windows updater took care of the updates.

    According to the control panel it is set to check for updates on the 10th of each month, which until this point I did not know there was anything to do in the control panel (never saw a reason to open control panel up) I did not set the setting in the control panel either so figure it was automatically done when it updated.

    Have never had any popup message except for new version to ever happen either and I use Firefox 11 and Google Chrome as main browsers avoiding Ie totally unless I am checking how our websites are behaving.

    Am a home user with the cable modem that allows our 3 computers to access the internet-- the Macintosh is older---very older OS so the Java there is not this update...the Dell Inspiron 1501 >Vista SR2 and the Dell optiplex720>XP Pro....and the only one with the error message was the Inspiron.

    the initial installation took place without a problem cause I downloaded the update, removed the older version then installed the new...same as always.


    forgot to add all pc's are 32 bit no 64 bit at all

    Edited by: 921611 on Mar 19, 2012 7:39 PM

    Edited by: 921611 on Mar 19, 2012 7:40 PM
  • 19. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    924957 Newbie
    Roger,

    All of the computers had either 6u29 or 6u30. As for the installation process, it was very basic. I would go to java.com and click on the big red button that says "Free Java Download". The installation was successful, but the pop up appeared later that same day or the next day when they turned on their machines and logged in first thing in the morning.

    As for the error messages, the one that everyone is definitely seeing is the security alert with this message: "Revocation information for the security certificate for this site is not available. Do you want to proceed?"
    Yes/No/View Certificate

    ~OTTO IT
  • 20. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    RogerL (Oracle) Java Champion
    Hi OTTO IT,

    Again thank you, very helpful.

    Two questions:
    1. Others have said that they were also seeing a second error message, something to the effect of: Unable to connect to https://cps.usertrust.com
    Did you also see that message at any time?

    2. Most of the posts on this thread about this error happened 16th and 17th. Is that when you saw the errors? Are you still seeing the errors as of today on any machines?

    Thank you very much,
    Roger
  • 21. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    924957 Newbie
    Hello Roger,

    We did not see this message: Unable to connect to https://cps.usertrust.com. As for the other one, it is still popping up. Our receptionist says she got it twice today, and gets it every time she logs on.

    ~ OTTO IT
  • 22. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    921255 Newbie
    We're still seeing this ....

    Doesn't matter if we....

    Install update 31 on a brand new machine using either the offline installer or the web based installer.
    Upgrade from previous client using offline installer or web based installer.

    We've whitelisted cps.usertrust.com and that made zero difference - I'm going to now whitelist their whole /24 and see if that makes a difference.

    As we've said all along - this DOES NOT happen when using any version other than 31 - I've reinstalled using the now-obsoleted JRE6u30 and JRE6u29 and the problem goes away.

    Did you change cert providers in between versions?
  • 23. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    925668 Newbie
    Hi

    We have the exact same problem and it started when we installed update 31. We are running the 32bit version of Java and IE.
    There must be some kind of bug in that update - we are 150 persons who get the message 2-3 times per day ... really annoying!

    - Kaare Hansen, Denmark
  • 24. Re: Security Alert / Revocation info for the sec cert since installing JRE
    924614 Newbie
    Just chiming in again with this tidbit. Our inspiron 1501 computer got the revocation pop up but not the unable to connect error at all. the optiplex 740 has gotten none of the messages and has no problems at all.

    And also since I posted and Windows did several security updates I have not gotten the message again. Not during usage nor after rebooting the laptop.
  • 25. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    RogerL (Oracle) Java Champion
    Hello,

    Given that you are still seeing this in your environment, can you send me two files? These will help us understand what may be taking place.

    1. Running this command will generate out.txt, which shows the steps during the connection to access the update server. The 'curl' command is not a part of Windows and can be found by your favorite search engine. Also, Mac OS X and Linux often have curl included in the OS.

    If you have a proxy, enter the proxy information in b)
    a) curl --trace-ascii curl.out "https://javadl-esd-secure.oracle.com/update/1.7.0/map-m-1.7.0.xml"
    b) curl --proxy YOURPROXY:PROXYPORT --trace-ascii curl.out "https://javadl-esd-secure.oracle.com/update/1.7.0/map-m-1.7.0.xml"

    2. Send the log file for autoupdate checking. This is stored in the temp file as assigned in the system properties.
    %TEMP%/jusched.log

    You can send them directly to me at my first name, as listed below, i.e. first dot last @ oracle dot com: first.lewis@oracle.com

    Thank you,
    Roger
  • 26. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    927249 Newbie
    RogerL, I will email you the data you requested, I have users with this issue as well, only the update 31.
  • 27. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    RogerL (Oracle) Java Champion
    Hi 924246, for lack of a better name :)

    Can you also let me know if the machines facing the issue are using IPV6? If so, are they using a double stack implementation? Info on this can be found here http://en.wikipedia.org/wiki/IPv6#Dual_IP_stack_implementation.

    Thank you for offering to send the data,
    Roger
  • 28. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    921255 Newbie
    Roger,

    Our computers all come with both IPv4 and IPv6 loaded on them, just like every typical Windows 7 machine does (we don't go out of our way to turn it off) ... that said, we are NOT actively using IPv6.
  • 29. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    927562 Newbie
    Hello Roger,
    I ran the curl command: curl --trace-ascii curl.out "https://javadl-esd-secure.oracle.com/update/1.7.0/map-m-1.7.0.xml"

    I did not get an out.txt but I did get this message:
    curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    More details here: http://curl.haxx.se/docs/sslcerts.html

    If I turn off curl's verification of the certificate, using the -k (or --insecure) option I get:
    <?xml version="1.0" encoding="ISO-8859-1" standalone="yes" ?>
    <java-update-map version="1.0">
    <mapping>
    <version>1.7.0</version>
    <url>https://javadl-esd-secure.oracle.com/1.7.0/au-descriptor-1.7.0_03-b05.xml</url>
    </mapping>
    <mapping>
    <version>1.7.0_01</version>
    <url>https://javadl-esd-secure.oracle.com/update/1.7.0/au-descriptor-1.7.0_03-b05.xml</url>
    </mapping>
    <mapping>
    <version>1.7.0_02</version>
    <url>https://javadl-esd-secure.oracle.com/update/1.7.0/au-descriptor-1.7.0_03-b05.xml</url>
    </mapping>
    </java-update-map>