Unsolved
1 Rookie
•
4 Posts
0
1260
iDrac6 R710 Error Failed to validate certificate ?
BIOS Version 6.1.0
Firmware Version 2.85 (Build 04)
Subject Information:
Country Code (CC) : US
State (S) : Texas
Locality (L) : Round Rock
Organization (O) : Dell Inc.
Organizational Unit (OU) : Remote Access Group
Common Name (CN) : iDRAC6 default certificate
Issuer Information:
Country Code (CC) : US
State (S) : Texas
Locality (L) : Round Rock
Organization (O) : Dell Inc.
Organizational Unit (OU) : Remote Access Group
Common Name (CN) : iDRAC6 default certificate
Valid From : Jun 5 03:58:15 2014 GMT
Valid To : Jun 4 03:58:15 2024 GMT
Error Text :
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: denyAfter constraint check failed: SHA1 used with Constraint date: 2019-01-01; params date: 2024-03-07T09:39:40.468Z used with certificate: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGrantedInt(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertPathValidatorException: denyAfter constraint check failed: SHA1 used with Constraint date: 2019-01-01; params date: 2024-03-07T09:39:40.468Z used with certificate: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
at java.security.cert.CertPathValidator.validate(Unknown Source)
... 21 more
Caused by: java.security.cert.CertPathValidatorException: denyAfter constraint check failed: SHA1 used with Constraint date: 2019-01-01; params date: 2024-03-07T09:39:40.468Z used with certificate: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
at sun.security.util.DisabledAlgorithmConstraints$DenyAfterConstraint.permits(Unknown Source)
at sun.security.util.DisabledAlgorithmConstraints$Constraint.next(Unknown Source)
at sun.security.util.DisabledAlgorithmConstraints$UsageConstraint.permits(Unknown Source)
at sun.security.util.DisabledAlgorithmConstraints$Constraints.permits(Unknown Source)
at sun.security.util.DisabledAlgorithmConstraints.permits(Unknown Source)
at sun.security.util.DisabledAlgorithmConstraints.permits(Unknown Source)
at sun.security.provider.certpath.AlgorithmChecker.check(Unknown Source)
... 26 more
DELL-Charles R
Moderator
Moderator
•
3.4K Posts
0
March 7th, 2024 14:22
Hello,
Could you update the DRAC and BIOS and check results?
Dell iDRAC Monolithic Release 2.92
https://dell.to/48MCmgR
Dell Server BIOS R710 Version 6.6.0
https://dell.to/3Itb5Wc
XSOFTZ
1 Rookie
1 Rookie
•
4 Posts
0
March 7th, 2024 16:31
@DELL-Charles R not work
DELL-Charles R
Moderator
Moderator
•
3.4K Posts
0
March 7th, 2024 16:35
Hello,
What did not work? Did the updates not apply or you still have issue after updating?
What task are you doing when you receive the error message?
Origin3k
4 Operator
4 Operator
•
1.8K Posts
0
March 7th, 2024 17:06
@XSOFTZ
Iam a little bit confused because the Cert is out dated because 7/3/2024 was reached when it comes to the error message. But the cert details you postet show a 10Y life span. Which info is correct?
You can "reset" the current SSL cert and with a iDRAC restart a new one is created or just swap against a self certificated one (this is what we do).
If you can "configure" your JAVA to ignore the outdated cert iam not sure.
XSOFTZ
1 Rookie
1 Rookie
•
4 Posts
0
March 8th, 2024 01:13
@Origin3k
i try reset Cert by racadm sslresetcfg
how to "configure" JAVA to ignore the outdated cert
(edited)
XSOFTZ
1 Rookie
1 Rookie
•
4 Posts
0
March 8th, 2024 01:14
@DELL-Charles R look like error outdate Cert
DELL-Young E
Moderator
Moderator
•
3.7K Posts
0
March 8th, 2024 06:30
Hello this is rather dated model, I'm afraid, I don't know how much of help I could be this time- I could think of trying an older version of Java maybe, in my humble opinion.
Respectfully,
knekkert
1 Message
0
March 8th, 2024 20:12
Hi. I got the same version on my dell r710
running latest bios and idrac.
Please help
DELL-Charles R
Moderator
Moderator
•
3.4K Posts
0
March 8th, 2024 21:29
iDRAC 6 virtual console, encountering an error indicating that Java has blocked the certificate try adding an exception.
Check the installed Java version for compatibility (iDRAC 6 only supports Java 8 u121 and older)
Open the Java control panel
Navigate to the Security tab and click “Edit Site List”.
Add your server’s LAN IP address to the list of exceptions.
MgrCalf
1 Message
0
March 20th, 2024 23:36
in java.security
under jdk.certpath.disabledAlgorithms - set date to some future after "denyAfter"
Julianhave
1 Rookie
1 Rookie
•
1 Message
0
April 5th, 2024 06:37
Today I encountered the same problem with an R720 - iDRAC7 (Failed to validate certificate).
I solved it with:
racadm sslresetcfg
racadm racreset
And in the Java control panel
Navigate to the Security tab and click "Edit Site List".
Add your server's LAN IP address to the list of exceptions.
It works for me and I hope it helps others
(edited)