Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8190460

DRS jar invalid because the GeoTrust timestamp cert expired

    XMLWordPrintable

Details

    Description

      DRS jar becomes invalid Oct 30, 2017 because the timestamp cert expired, which should not happened as the jar signing cert is good and timestamped.

      The logs contain the following output:
      ...
      security: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
      security: The certificate has expired, but TSA is not valid
      ...
      ruleset: Exception parsing deployment rule set com.sun.deploy.security.BlockedException: Can not verify Deployment Rule Set jar due to certificate expiration
      com.sun.deploy.security.BlockedException: Can not verify Deployment Rule Set jar due to certificate expiration
      at com.sun.deploy.security.ruleset.DeploymentRuleSet.verifyRuleSetFile(Unknown Source)
      at com.sun.deploy.security.ruleset.DeploymentRuleSet.validateDRS(Unknown Source)
      at com.sun.deploy.security.ruleset.DeploymentRuleSet$1.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      at com.sun.deploy.security.ruleset.DeploymentRuleSet.initialize(Unknown Source)
      at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)
      Caused by: java.security.cert.CertificateExpiredException: NotAfter: Thu Oct 16 19:59:59 EDT 2014
      at sun.security.x509.CertificateValidity.valid(Unknown Source)
      at sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
      at sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
      at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
      at com.sun.deploy.security.TrustDecider.getJarValidationState(Unknown Source)
      at com.sun.deploy.security.TrustDecider.getJarValidationState(Unknown Source)
      ... 7 more
      com.sun.deploy.security.BlockedException: Can not verify Deployment Rule Set jar due to certificate expiration
      at com.sun.deploy.security.ruleset.DeploymentRuleSet.verifyRuleSetFile(Unknown Source)
      at com.sun.deploy.security.ruleset.DeploymentRuleSet.validateDRS(Unknown Source)
      at com.sun.deploy.security.ruleset.DeploymentRuleSet$1.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      at com.sun.deploy.security.ruleset.DeploymentRuleSet.initialize(Unknown Source)
      at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)
      Caused by: java.security.cert.CertificateExpiredException: NotAfter: Thu Oct 16 19:59:59 EDT 2014
      at sun.security.x509.CertificateValidity.valid(Unknown Source)
      at sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
      at sun.security.x509.X509CertImpl.checkValidity(Unknown Source)
      at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
      at com.sun.deploy.security.TrustDecider.getJarValidationState(Unknown Source)
      at com.sun.deploy.security.TrustDecider.getJarValidationState(Unknown Source)
      ... 7 more

      Attachments

        Activity

          People

            dmarkov Dmitry Markov
            shadowbug Shadow Bug
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: