after updating a dev system to the latest Java 7 (1.7.0_13 on Win7-64) i am unable to start the designer or clients.
I already tried clearing the Ignition and Java caches without success.
Any idea what could be wrong?
Java WebStart fails with an InvalidKeyException.
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: java.security.InvalidKeyException: Wrong key usage
at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertPathValidatorException: java.security.InvalidKeyException: Wrong key usage
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
at java.security.cert.CertPathValidator.validate(Unknown Source)
... 20 more
Caused by: java.security.InvalidKeyException: Wrong key usage
at java.security.Signature.initVerify(Unknown Source)
at sun.security.provider.certpath.OCSPResponse.verifyResponse(Unknown Source)
at sun.security.provider.certpath.OCSPResponse.<init>(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at sun.security.provider.certpath.OCSPChecker.check(Unknown Source)
... 24 more
Go to Control Panel>Java, and then to the Advanced tab. Expand “Security”. Are either of the following two options selected?
“Check publisher certificate for revocation”
“Enable online certificate validation”
Deselecting those setting worked, but i am pretty sure that our IT department will not like this solution. Is this something that might be fixed in future Java / Ignition versions?
What version of Ignition are you currently using? This may be due to the certificate being expired in an older version of Ignition. Upgrading may correct the inability to validate the certificate.
Yes, it is. This is my private dev system, so there should be nothing preventing certificate evaluation. I just tried to disable the firewall but that made no difference.
The gateway runs in a VM on the same machine.
I will put a ticket in the system to have the development team take a look at this. I found some information regarding this error message, but it has to do with a potential bug in Java. The work around that I described to you is also found on the Oracle website. We do have some related forum threads in our forums.
I installed the latest version of Ignition (Ignition-7.6.0-windows-x64-installer) and the latest version of java (Version 7 Update 21) yesterday and still have this problem.
What certificate type should I look at?
There is Trusted Certificates, Secure Site, Signer CA, Secure Site CA and Client Authentication.
And a User and System tab.
My computers OS is Ubuntu Linux, I’m running Ignition on a Windows 7 virtual machine (vmware).
Don’t know if this could have anything to do with the problem.
You do not need any certificates. The certificates are contained within the application. I suspect that something is strange with your java installation, as we are unable to reproduce this issue. You might try updating to the latest version of Java 7?