Java Console Incorrectly Reports SGD Client Archive Signing Certificates have Expired
(Doc ID 2338526.1)
Last updated on JANUARY 25, 2021
Applies to:
Oracle Secure Global Desktop - Version 4.63 and laterInformation in this document applies to any platform.
Symptoms
Users connecting to a valid Secure Global Desktop (SGD) server with verbose Java logging enabled may observe misleading messages regarding the signing certificates written to the Java Console upon their successful connection.
The following example was captured on a SGD 5.3 server, patched to the October 2017 PSU, 5.3p2. All certificates in the client archive signing chain are valid at the time this message is displayed.
security: The certificate has expired, need to check timestamping info
security: Timestamping info is available
security: The certificate has expired, and is timestamped in valid period
security: The certificate has expired, but is timestamped in valid period and TSA is valid
...
However, further review of the certificates used to sign the SGD client archives will show that no certificates in the archive signing chain have yet expired.
The user will be able to continue to successfully connect, but may be curious regarding the origin of these inquiries.
Changes
The user has recently updated the client-side Java from version 8u131.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |