Java error "Failed to Validate Certificate"

jeffkrol · May 24, 2015, 10:39pm

Howdy,

I am getting the dreaded “Failed to Validate Certificate” error.

Ignition version: 7.6.6
Ignition Gateway Java version: 1.7.0_25
Ignition Client Java version: 1.8.0_31

I am not able to disable “Perform revocation checks” on our customer’s machines because this looks like a huge security risk to their IT department. I am also unable to upgrade to a newer version of Ignition (too much risk on my end!). Now I have a few questions:
[ol]
[li] There are seemingly two versions of Java at play here: the client and gateway versions. What exactly is each responsible for? Does it matter that they aren’t matching?
[/li]
[li] On my local development machine, the Gateway is running Java 1.8.0_31 and I never get this error. It seems that when the Gateway Java version and the client Java version are in agreement, there are no problems. So what exactly is happening in this case?
[/li]
[li] I have another site for our customer with the EXACT same installation details (7.6.6, 1.7.0_25) but I do not get the “Failed to Validate Certificate” error when I try to run the client for that site on my machine. What would be causing this difference?
[/li]
[li] The only other solution I have found for this issue is to add each gateway to each client machine’s site exception list. Again, this is another unacceptable solution as there are dozens of client machines (between the site, corporate, our support machines and their support machines) that will launch these HMIs and this quickly becomes an unmanageable task.[/li][/ol]

Kevin.Herron · May 26, 2015, 3:13pm

What version of windows are these clients running? When was the last time a windows update was applied? Do they have internet access?

jeffkrol · June 5, 2015, 7:36pm

For my development machine: Windows 7 professional, updated frequently and always on the internet.

Kevin.Herron · June 5, 2015, 7:55pm

Sure, but you said you are able to launch from your development machine without issue.

I’m interested in the Java version, OS, and update frequency of the client machines that can’t seem to launch a project.

jeffkrol · June 5, 2015, 9:11pm

Backing up, what I have is a local development Gateway on my machine running 7.6.6. I did all my testing and development in the office this way. When I went on site and tried to test on the production Gateway system (running Linux, not connected to the internet, running Java 1.7.0_25), I ran into these errors.

Here are the details for this issue:

[quote]Ignition version: 7.6.6

Production Gateway details: Ignition Gateway Java version: 1.7.0_25
Local Gateway/Client details: Ignition Client Java version: 1.8.0_31

Client machine: Windows 7 professional, updated frequently
Production machine details: Linux, not connected to the internet, running Java 1.7.0_25[/quote]

Thank you, Kevin.

Kevin.Herron · June 5, 2015, 9:45pm

Can you get a screenshot of the error message from one of the client machines that can’t launch?

Also - does the gateway have SSL/HTTPS enabled?

In the Java Control Panel for a client that cannot launch - is the security level “High” or “Very High”?