Java Console Incorrectly Reports SGD Client Archive Signing Certificates have Expired
(Doc ID 2338526.1)
Last updated on JANUARY 25, 2021
Applies to:Oracle Secure Global Desktop - Version 4.63 and later
Information in this document applies to any platform.
Users connecting to a valid Secure Global Desktop (SGD) server with verbose Java logging enabled may observe misleading messages regarding the signing certificates written to the Java Console upon their successful connection.
The following example was captured on a SGD 5.3 server, patched to the October 2017 PSU, 5.3p2. All certificates in the client archive signing chain are valid at the time this message is displayed.
security: The certificate has expired, need to check timestamping info
security: Timestamping info is available
security: The certificate has expired, and is timestamped in valid period
security: The certificate has expired, but is timestamped in valid period and TSA is valid
However, further review of the certificates used to sign the SGD client archives will show that no certificates in the archive signing chain have yet expired.
The user will be able to continue to successfully connect, but may be curious regarding the origin of these inquiries.
The user has recently updated the client-side Java from version 8u131.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document