How to check the JAVA certificate validation period for the Web Tier. A message about “Java Application Blocked” may appear on screen if the certificates are expired. The message may say “Application Blocked by Java Security”.
The certificate validation period can be checked using the following steps:
- Locate the SMWorkflow.jar file. For example, navigate to the <webtier webapps folder>\ext
cd <webtier webapps folder>\ext
- In a DOS command prompt, run command:
jarsigner -certs -verbose -verify SMWorkflow.jar > SMWorkflow.jar.certs.txt
“jarsigner” can be found in $JAVA_HOME\bin directory. the call could also look like:
“C:\Program Files\Java\jdk1.7.0_40\bin\jarsigner” -certs -verbose -verify SMWorkflow.jar > SMWorkflow.jar.certs.txt
NOTE: If the JRE is installed instead of the JDK, the “jarsigner” utility will likely not be available.
3.Open SMWorkflow.jar.certs.txt, check if there is [certificate is valid from xxx to xxx] or [certificate expired on 11/16/14 7:59 AM]
If the output indicates that the certificate is expired, it is necessary to locate and deploy a version of the Web Tier with a valid certificate to avoid the expired java certificate errors. If a version of the Web Tier with a valid certificate can’t be located on the HPE Software Support Site, please contact customer support for further assistance.
Only the first certificate duration is the one that is important to consider.
For example, it may look like this:
s 16470 Tue Jun 28 18:04:10 CST 2016 META-INF/MANIFEST.MF
[entry was signed on 6/28/16 6:04 PM]
X.509, CN=Hewlett Packard Enterprise Company, OU=HP Cyber Security, O=Hewlett Packard Enterprise Company, STREET=3000 Hanover Street, L=Palo Alto, ST=CA, OID.18.104.22.168=94304, C=US [certificate is valid from 1/14/16 8:00 AM to 1/14/18 7:59 AM]
X.509, CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB [certificate is valid from 5/9/13 8:00 AM to 5/9/28 7:59 AM]
X.509, CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB [certificate is valid from 5/30/00 6:48 PM to 5/30/20 6:48 PM]
X.509, CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE [certificate is valid from 5/30/00 6:48 PM to 5/30/20 6:48 PM]