Java Console Incorrectly Reports SGD Client Archive Signing Certificates have Expired
Last updated on DECEMBER 14, 2017
Applies to:Oracle Secure Global Desktop - Version 4.63 to 5.3 [Release 4.0 to 5.0]
Information in this document applies to any platform.
Users connecting to a valid Secure Global Desktop (SGD) server with verbose Java logging enabled may observe misleading messages regarding the signing certificates written to the Java Console upon their successful connection.
The following example was captured on a SGD 5.3 server, patched to the October 2017 PSU, 5.3p2. All certificates in the client archive signing chain are valid at the time this message is displayed.
security: The certificate has expired, need to check timestamping info
security: Timestamping info is available
security: The certificate has expired, and is timestamped in valid period
security: The certificate has expired, but is timestamped in valid period and TSA is valid
However, further review of the certificates used to sign the SGD client archives will show that no certificates in the archive signing chain have yet expired.
The user will be able to continue to successfully connect, but may be curious regarding the origin of these inquiries.
The user has recently updated the client-side Java from version 8u131.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms