Java Error- Failed to validate the certificate

Question

I'm trying to access remote control of my IBM blade center management module through web console but it showing Failed to validate the certificate and unable to start the remote connection. Please check the attached image of error. Please reply if any one have its solution. Click here for screen shot

sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: algorithm constraints check failed
at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGrantedInt(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.isTrustedByTrustDecider(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.getPermissions(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.getPermissions(Unknown Source)
at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.defineClassHelper(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.access$100(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)

I have also commented this line jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

and also tried by removing all files from security but still getting the same error.

Answer 1

This worked for me...

To run JNLP files and start Remote Control Managed sessions not using pre-installed Controller, perform the following steps:

Open the "java.security" file available in the following directory: [installation_path]\server\java\jre\lib\security\java.security

Locate the "jdk.certpath.disabledAlgorithms" property and set it to the following value:

MD2, MD5, SHA1 jdkCA & usage TLSServer,
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224,
include jdk.disabled.namedCurves

Save the file and run the downloaded JNLP file.

found it here: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101395

Answer 2

There is a workaround when Java fails to validate the certificate.

1. Open Configure Java Windows application

2. Click on Advanced Tab

3. Find the Perform signed code certificate revocation checks on option and change option to Certificate Revocation Lists (CRLs).

Find the Perform signed code certificate revocation checks on option and change setting to Do not check (not recommended).

Security Warning After your done with the connection, change the settings back for security reasons.

Choosing the option "Do not check (not recommended)" for signed code certificate revocation checks introduces significant security risks and is considered bad practice.

Disabling certificate revocation checks exposes systems to unnecessary security risks by trusting certificates that may have been revoked due to compromise, association with malicious activity, or other reasons. It's crucial to seek a balanced approach that maintains security without significantly impacting performance or usability.