This discussion is archived
1 2 3 5 Previous Next 71 Replies Latest reply: Nov 19, 2012 2:59 PM by EJP RSS

Security Alert / Revocation info for the sec cert since installing JRE 6u31

921255 Newbie
Currently Being Moderated
We've been trying to keep up with getting the latest JRE client installed in our environment but since we rolled out update 31, our helpdesk is being flooded with calls with getting a popup box

"Revocation information for the security certificate for this site is not available. Do you want to proceed?"
Yes/No/View Certificate

The cert is issued to javadl-esd-secure.oracle.com

It affects all of our Windows users and all of which have IE 9, and it affects our standard users with no local admin rights and our SAs who do have local admin rights. Nothing on our network has changed other than going from update 30 to update 31.

I saw a thread on this forum regarding this the day update 31 from another SA and he was having the exact same issue we were and a couple of people posted follow-ons to it ....now, when I go to that link I get "The specified message [10187748] was not found. "

We've tried installing Java 7update 4 but that has its own problems.

If we roll back to update 30, the problem goes away until the automatic updater starts nagging you to update.

As far as what I've folktale answers I've found online:
"make sure the time is set correctly" - check, we set time off an NTP hosted in our home state.
"Silent installer is the problem" - Can't blame this - never used a silent installer - we've only installed via downloading the offline version of update 31, and use the web installer stub and both of those cause problems.

Is there a way to fix this aside from going into every profile and changing the certificate purposes, or is Oracle going to get around to fixing their cert?
  • 1. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    RogerL (Oracle) Java Champion
    Currently Being Moderated
    Hello,

    We have spent some time looking into this and we are not able to reproduce this and suspect that it could be an issue on the machines were the installation is taking place, or due to a networking issue. This is not an attempt to just toss is back and say 'not our problem'. We were certainly concerned with this post and wanted to verify that our certs and the revocation list does not have issues.

    Third Party document on various causes for this error:
    http://www.brighthub.com/internet/security-privacy/articles/82291.aspx
    - Update Root certs
    - Time/date out of sync, lear SSL state
    - re-register the dll files

    Microsoft article about with possible issues, the article is limited to Windows 2000, though it may apply to other versions:
    http://support.microsoft.com/kb/308087
    - Clear the Automatically detect proxy
    - Use a proxy server for this connection, enter address and port number of the proxy server that you use


    Also, we found we were able to access the revocation list through our internet network as well as outside our network. Not being able to access the revocation list could be an issue. Here is that URL:
    http://crl.usertrust.com/USERTrustLegacySecureServerCA.crl

    If you are able to identify an issue with cert or if the above solutions do not resolve the issue, please update this thread. Also update the thread if one of these does indeed solve the issue. It is always good to share what worked with others who could be seeing the same issue.

    -Roger

    updated Mar 15, 2012 w/additional text and links.
  • 2. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    924538 Newbie
    Currently Being Moderated
    This started to happen today on all computers on my network.

    The specified CRL is no longer available "http://crl.usertrust.com/USERTrustLegacySecureServerCA.crl" or their PKI boxes are having issues. It actually appears that usertrust.com is offline right now
  • 3. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    924558 Newbie
    Currently Being Moderated
    Me too post.
    The security alert pop up when my computer is going to check the update of JRE.
    JRE 6u31 and 7u3 are installed.
  • 4. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    402066 Newbie
    Currently Being Moderated
    Same issue for me since 1 or 2 days on my personal Win7 Home Premium SP1 (64-bit) box.
    I just plan to wait until the issue is solved by <whoever is responsible for this> ... ;-)
  • 5. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    924582 Newbie
    Currently Being Moderated
    Windows 7 ultimate 64-bit here, fully verified and updated, using an admin account.

    Exact same error message has been popping up every few hours for the last day or two, even though I have not used any Java applications.
  • 6. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    924585 Newbie
    Currently Being Moderated
    I'm getting the same error here.

    Attempting to access the URL you provided does not work. I also tried a manual telnet to the server as a test and this is what I got:

    $ dig crl.usertrust.com

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5_7.1 <<>> crl.usertrust.com
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32717
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;crl.usertrust.com. IN A

    ;; ANSWER SECTION:
    crl.usertrust.com. 5809 IN A 208.91.197.27

    ;; AUTHORITY SECTION:
    usertrust.com. 108212 IN NS ns38.worldnic.com.
    usertrust.com. 108212 IN NS ns37.worldnic.com.

    ;; Query time: 6 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sat Mar 17 05:50:26 2012
    ;; MSG SIZE rcvd: 98

    $ telnet 208.91.197.27 80
    Trying 208.91.197.27...
    telnet: connect to address 208.91.197.27: Connection timed out
    telnet: Unable to connect to remote host: Connection timed out
  • 7. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    865332 Newbie
    Currently Being Moderated
    this security alert popup is also displayed on my personal Windows (Vista) machine. Unable to connect to https://cps.usertrust.com
  • 8. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    924591 Newbie
    Currently Being Moderated
    Yup it occurring here as well, come on get it sorted.
  • 9. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    924600 Newbie
    Currently Being Moderated
    I got this error at work and at home starting yesterday. It's really annoying because you can't tell what it comes from very easily. Clicking view certificate gives the info that the certificate is issued to javadl-esd-secure.oracle.com and I recognized a pixelated orange java logo like the java updater.

    For googlers, on Win7 my error is "Revocation information for the security certificate for this site is not available. Do you want to proceed?"
  • 10. Re: Security Alert / Revocation info for the sec cert since installing JRE
    924614 Newbie
    Currently Being Moderated
    I am a home user...

    Dell Inspirion 1501
    Vista SR2
    Latest Java update done several weeks ago

    Today is the first time I got this error message alert about this topic. Seems there were several new security updates the computer deemed necessary which is what I think may have sprouted this alert.

    I did nothing but view the cert then did a google search and found this topic/forum.

    Why does it want me to app/install the cert to my computer?

    Edited by: 921611 on Mar 17, 2012 12:33 PM
  • 11. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    924625 Newbie
    Currently Being Moderated
    I'm getting this error on 5 of 10 computers. I'm getting it on XP, Vista and Windows 7 Home Premium.
    I last installed java updates 2 weeks ago (March 3, 2012) .

    One observation: The computers where I went to the Java Updater in the control panel on March 3rd, to do the updates are all getting this error, the computer where I let java nag me into updating are not getting this error.

    Edited by: 921622 on Mar 17, 2012 5:28 PM

    Edited by: 921622 on Mar 18, 2012 5:10 AM
  • 12. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    924957 Newbie
    Currently Being Moderated
    I run the help desk for the parent post and it is an ongoing issue. Shortly after going through and updating to JRE 6u31 I was flooded with phone calls and emails from users regarding the security alert. There are two things I have tried to get rid of this message; however, neither is acceptable as a solution. Reverting back to JRE 6u30 puts an end to it, but that is not the direction we are looking to go. The message also goes away by going to the Advanced tab in Internet Options and unchecking "Check for server certificate revocation" under Security. Although these got rid of the pop up window, I did not implement either change on our machines and have asked users to tolerate the message until a suitable solution is found.
  • 13. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    924614 Newbie
    Currently Being Moderated
    I hope this image comes through

    image control panel


    It is an image in my art gallery...nothing to hurt small eyes.

    I do not know if the items can be unchecked or not.

    hope this helps us all... I know Macintosh computers almost inside out but Windows xp-vista...pc in general I am still learning what I can/can't do.

    Edited by: 921611 on Mar 19, 2012 4:00 PM
  • 14. Re: Security Alert / Revocation info for the sec cert since installing JRE 6u31
    RogerL (Oracle) Java Champion
    Currently Being Moderated
    Hello OTTO IT,

    We are still investigating the issue and can not yet reproduce it. Hopefully yourself or others can provide a bit more information about the steps before the message appears and when it appears.

    For a specific computer, there was an older version (6u29, 30 etc)? Knowing a specific version my be useful.
    The update was attempted through a download from java.com or oracle.com? Or, was the auto update (popup bubble) used? Is the message is seen during installation?
    Or, post successful installation of 6u31, the message is seen, maybe 12-36 hours after the installation?

    In this thread there are two error messages that are listed. Are you seeing both messages?
    1. "Revocation information for the security certificate for this site is not available. Do you want to proceed?"
    Yes/No/View Certificate

    2. Unable to connect to https://cps.usertrust.com

    Thank you all for your efforts,
    Roger
1 2 3 5 Previous Next

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points