IBM Support

IV36093: WEBSTART APPLICATION FAILURE IN CASE WHEN THE APPLICATION JARS HAVE EXPIRED CERTIFICATES.


APAR status

  • Closed as program error.

Error description

  • Error Message: The customer observed a WebStart application
    failure with IBM JDK 7 when the application jars had expired
    certificates.
    .
    Stack Trace: The WebStart application launch failed with the
    following exception:
    com.ibm.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: The certificate expired at Mon Aug 30 05:29:59 IST 2010; internal cause is:
    java.security.cert.CertificateExpiredException: NotAfter: Mon Aug 30 05:29:59 IST 2010
        at com.ibm.security.validator.PKIXValidator.doValidate(PKIXValidator.java:334)
        at com.ibm.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:235)
        at com.ibm.security.validator.Validator.validate(Validator.java:257)
        at com.ibm.security.validator.Validator.validate(Validator.java:233)
        at com.ibm.security.validator.Validator.validate(Validator.java:202)
        at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
        at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
        at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
        at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
        at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
        at com.sun.javaws.Launcher.prepareResources(Unknown Source)
        at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
        at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
        at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
        at com.sun.javaws.Launcher.launch(Unknown Source)
        at com.sun.javaws.Main.launchApp(Unknown Source)
        at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
        at com.sun.javaws.Main.access$000(Unknown Source)
        at com.sun.javaws.Main$1.run(Unknown Source)
        at java.lang.Thread.run(Thread.java:780)
    Caused by: java.security.cert.CertPathValidatorException: The certificate expired at Mon Aug 30 05:29:59 IST 2010; internal cause is:
    java.security.cert.CertificateExpiredException: NotAfter: Mon Aug 30 05:29:59 IST 2010
        at com.ibm.security.cert.BasicChecker.check(BasicChecker.java:203)
        at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:294)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:265)
        at com.ibm.security.validator.PKIXValidator.doValidate(PKIXValidator.java:329)
        ... 19 more
    Caused by: java.security.cert.CertificateExpiredException: NotAfter: Mon Aug 30 05:29:59 IST 2010
        at com.ibm.security.x509.CertificateValidity.valid(CertificateValidity.java:458)
        at com.ibm.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:731)
        at com.ibm.security.cert.BasicChecker.check(BasicChecker.java:200)
        ... 22 more
    .
    N/A
    

Local fix

  • N/A
    

Problem summary

  • When a user launches a WebStart application whose jar contains
    an expired certificate and a CertificateExpiredException is
    raised, the runtime should show a warning box and let the user
    decide whether to launch the application or not. The problem
    occurred because the JDK code was not handling the
    CertificateExpiredException properly, so the warning box was
    never shown to the user.
    

Problem conclusion

  • This defect will be fixed in:
    7.0.0 SR5
    .
    The JVM has been updated to properly handle the
    CertificateExpiredException when a WebStart application jar
    contains an expired certificate.
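
To find which application jars carry the condition described in this APAR, the following added example (not IBM code and not part of the original APAR) lists every expired certificate in a jar's signer chains using only standard `java.util.jar` and `java.security` APIs. The class name `JarSignerExpiryCheck` is hypothetical.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example (hypothetical class, not IBM code): lists expired signer
// certificates in a jar, the condition behind CertificateExpiredException.
public class JarSignerExpiryCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java JarSignerExpiryCheck <jar>");
            System.exit(2);
        }
        Set<String> expired = new LinkedHashSet<>();   // de-duplicated findings
        boolean signed = false;
        try (JarFile jar = new JarFile(args[0], true)) {   // true: verify signatures
            byte[] buf = new byte[8192];
            for (JarEntry entry : Collections.list(jar.entries())) {
                // Signer data is only available once the entry has been read fully.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) continue;   // unsigned entry or signature file
                signed = true;
                for (CodeSigner s : signers) {
                    for (Certificate c : s.getSignerCertPath().getCertificates()) {
                        X509Certificate x = (X509Certificate) c;
                        try {
                            x.checkValidity();   // checks against the current time
                        } catch (CertificateExpiredException e) {
                            expired.add(x.getSubjectX500Principal().getName()
                                + " NotAfter=" + x.getNotAfter()
                                + " timestamped=" + (s.getTimestamp() != null));
                        }
                    }
                }
            }
        }
        if (!signed) System.out.println("jar is not signed");
        for (String line : expired) System.out.println("EXPIRED: " + line);
        System.exit(expired.isEmpty() ? 0 : 1);
    }
}
```

The exit status is 1 when any expired certificate is found, so the check can gate a build or deployment step. `timestamped=true` means the signature carries a signing-time timestamp from a timestamping authority.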
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV36093

  • Reported component name

    JAVA CLASS LIBS

  • Reported component ID

    620700130

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-01-30

  • Closed date

    2013-04-23

  • Last modified date

    2013-04-23

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA CLASS LIBS

  • Fixed component ID

    620700130

Applicable component levels

  • R700 PSY

       UP


Document Information

Modified date:
21 February 2022