Service Manager Web Tier: How to determine if the JAVA certificate is expired

How to check the JAVA certificate validation period for the Web Tier. A message about “Java Application Blocked” may appear on screen if the certificates are expired. The message may say “Application Blocked by Java Security”.

java

The certificate validation period can be checked using the following steps:

  1. Locate the SMWorkflow.jar file. For example, navigate to the <webtier webapps folder>\ext

cd <webtier webapps folder>\ext

  1. In a DOS command prompt, run command:

jarsigner -certs -verbose -verify SMWorkflow.jar > SMWorkflow.jar.certs.txt

“jarsigner” can be found in $JAVA_HOME\bin directory. the call could also look like:

“C:\Program Files\Java\jdk1.7.0_40\bin\jarsigner” -certs -verbose -verify SMWorkflow.jar > SMWorkflow.jar.certs.txt

NOTE: If the JRE is installed instead of the JDK, the “jarsigner” utility will likely not be available.

3.Open SMWorkflow.jar.certs.txt, check if there is [certificate is valid from xxx to xxx] or [certificate expired on 11/16/14 7:59 AM]

If the output indicates that the certificate is expired, it is necessary to locate and deploy a version of the Web Tier with a valid certificate to avoid the expired java certificate errors. If a version of the Web Tier with a valid certificate can’t be located on the HPE Software Support Site, please contact customer support for further assistance.

Only the first certificate duration is the one that is important to consider.

For example, it may look like this:

>>>>>> SMWorkflow.jar.certs.txt

s      16470 Tue Jun 28 18:04:10 CST 2016 META-INF/MANIFEST.MF

[entry was signed on 6/28/16 6:04 PM]

X.509, CN=Hewlett Packard Enterprise Company, OU=HP Cyber Security, O=Hewlett Packard Enterprise Company, STREET=3000 Hanover Street, L=Palo Alto, ST=CA, OID.2.5.4.17=94304, C=US      [certificate is valid from 1/14/16 8:00 AM to 1/14/18 7:59 AM]

X.509, CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB      [certificate is valid from 5/9/13 8:00 AM to 5/9/28 7:59 AM]

X.509, CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB      [certificate is valid from 5/30/00 6:48 PM to 5/30/20 6:48 PM]

X.509, CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE      [certificate is valid from 5/30/00 6:48 PM to 5/30/20 6:48 PM]

Advertisements

Error: Caught XML API exception scxmlapi(23) – XML DOM exception caught – code 5 msg invalid or illegal XML character

User receives an error when trying to login:

Caught XML API exception scxmlapi(23) – XML DOM exception caught – code 5 msg invalid or illegal XML character

The logs may appear similar to the following:

RTE W Exception occurred for method execute and XML request <?xml version=”1.0″ encoding=”utf-8″?><SOAP-ENV:Envelope

2324( 7880) 06/23/2016 13:26:11 RTE W CTopaz::process(): Caught DOMException code:5 msg:invalid or illegal XML character

2324( 7880) 06/23/2016 13:26:11 RTE E Caught XML API exception scxmlapi(23) – XML DOM exception caught – code 5 msg invalid or illegal XML character

2324( 5908) 06/23/2016 13:26:11 JRTE W Send error response: A CXmlApiException was raised in native code : error 23 : scxmlapi(23) – XML DOM exception caught – code 5 msg invalid or illegal XML character

xmlns:SOAP-ENV=”http://schemas.xmlsoap.org/soap/envelope/”><SOAP-ENV:Header/><SOAP-ENV:Body><execute><thread>0</thread><type>detail</type><event>0</event><authModel><var><user.id>RDE</user.id><old.password Password=”1″>756A5325B9829848</old.password><L.language>en</L.language></var></authModel></execute></SOAP-ENV:Body></SOAP-ENV:Envelope>

Upgrading the RTE to a more current version should resolve this issue.