Forum Stats

  • 3,838,660 Users
  • 2,262,390 Discussions
  • 7,900,728 Comments

Discussions

JRE 8 update 51 shows warning message

mvittal
mvittal Member Posts: 4

Hi All,
We have web application accessing through IE 11 using Load balancer url, certificates are deployed on Load balancer, see warning message with JRE Java 8 update 51, whereas the application works fine with Java 8 update 25, attached screen shots of sample certificates. Please advice what might causing.

In working case(Java 8 update 25), Certification Authority is connected using proxy url, whereas in issue case(Java 8 update 51) Certification Authority connected directly.

1. Below is Java console trace with Java 8 update 25
network: Connecting http://ocsp.verisign.com/ with proxy=HTTP @ xxweb.xx.xxx/xx.xxx.xxx.xx:9999
security: OCSP Response: GOOD

2. Below is Java console trace with Java 8 update 51.

security: Checking if certificate is in Internet Explorer DISALLOWED certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
network: Connecting http://ocsp.verisign.com/ with proxy=DIRECT
network: Connecting http://ocsp.verisign.com:80/ with proxy=DIRECT
security: Failing over to CRLs: java.net.SocketTimeoutException: connect timed out
network: Connecting http://crl.verisign.com/pca3-g5.crl with proxy=DIRECT
[b]network: Connecting http://crl.verisign.com:80/ with proxy=DIRECT[/b]
security: Revocation Status Unknown
com.sun.deploy.security.RevocationChecker$StatusUnknownException: java.net.SocketTimeoutException: connect timed out
    at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
    at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
    at com.sun.deploy.security.RevocationCheckHelper.checkRevocationStatus(Unknown Source)
    at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
    at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
    at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    
    ....
    ....
    
    Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException: sun.security.provider.certpath.PKIX$CertStoreTypeException: java.net.SocketTimeoutException: connect timed out
        at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
        ... 74 more
    Caused by: sun.security.provider.certpath.PKIX$CertStoreTypeException: java.net.SocketTimeoutException: connect timed out
        at sun.security.provider.certpath.URICertStore.engineGetCRLs(Unknown Source)
        at java.security.cert.CertStore.getCRLs(Unknown Source)

Java 8 update 51.png

This discussion has been closed.