Brocade Fibre Channel Networking Community

Expand all | Collapse all

Problem for access webtools from internet explorer or firefox with JRE 1.7!

  • 1.  Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 11-04-2013 07:37 PM

    HI!!  I have a couple of HP Brocade 4/12 for HP Bladesystems, when i try to access webtools by explorer or by firefox!  An error box shows this message """Application Blocked for security"  Failed to validate certificate. The application will not be executed.  We have this issue since 3 different laptops.  Trying to access to 5 different switches!!  Pls can you help me!


    #BrocadeFibreChannelNetworkingCommunity


  • 2.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 11-05-2013 05:50 AM

    This is (most likely) your browser/java plugin complaining because of an certificate issue.

    Try adding exclusions for said switches.


    #BrocadeFibreChannelNetworkingCommunity


  • 3.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 11-05-2013 06:49 AM

    Hi!!

     

    I have the same problem!!!

     

    Can anybody help!!! Please!!


    #BrocadeFibreChannelNetworkingCommunity


  • 4.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 11-05-2013 07:42 AM

    So did you add exclusion to your browser/jre to disregard the certificate?


    #BrocadeFibreChannelNetworkingCommunity


  • 5.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 11-06-2013 05:15 AM

    We have the same issue I believe.
    Just got 2 new HP 8/8 SAN Switches / Brocade 300.

    ,Both have been connected to power, both have gotten an IP adress in the same subnet as other network components (set through serial cable and putty), both answer to ping (ie IP is ok).

     

    When I go to the switch in Internet Explorer 9, I get the same error, error validating certificate, and Java error. Happens on both switches.
    Tried to disable ceritiface check in Java with no luck.

    What is wrong?


    We have not set any config on the switch, should any command be run in CLI?

    It comes defined with licenses for port 1-7 correct, or are we missing POD licenses to make the switch work?


    I tried running the EZconfigwizard, but it could not set IP on the switches and it could not detect the switches on the network after entering wwn number,

     

    Thanks for your help people..


    #BrocadeFibreChannelNetworkingCommunity


  • 6.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 11-06-2013 05:24 AM

    You have to either lower the security level or disable it at all on Java Control Panel.

    java.png


    #BrocadeFibreChannelNetworkingCommunity


  • 7.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 11-06-2013 06:43 AM

    I tried again now to set it to Medium, which is the lowest.
    Still I get the certificate validation error:

    Is it possible to export a cer file from the Brocade switch and maybe import it in the browser?

    cert_err.jpg


    #BrocadeFibreChannelNetworkingCommunity


  • 8.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 11-06-2013 06:56 AM

    Ok, so I managed to get it started on another PC which has older Java installed, 7 u 25.

    Here I could chose to Run the applet and it works, but it says the certificate has expired in March 2012.

    Is that correct when these switches were delivered 1 month ago?


    #BrocadeFibreChannelNetworkingCommunity


  • 9.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 11-06-2013 07:56 AM

    It not about the delivery date, bu more with when was the certificate generated and when does it expire.


    To be frank I'm not that familiar with certificates at all.

    That said if the certificate was generated when the your FOS level was compiled or installed, yeah it may already have expired although you bought the switch brand new.


    The fact the JRE is also crucial doesn't help.

     

    If you're able to generate a new cert you should be ok, is it possible I don't know.

    In general I find it a pain to work with Certs from appliances and also FC switches from BRCD as FQDN does not match, security levels do not match FRE dependencies etc.

     

    What I generally do is disregard those Certs if I really need webtools, but 99% of the time I use CLI.


    #BrocadeFibreChannelNetworkingCommunity


  • 10.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 11-20-2013 11:27 AM

    I got 2 new HP switch model P/N AM868B with the same problem with Explorer 9 or the latest version of Firefox. Could someone help about the exacte procedure to resolve this problem ?

     

    Thanks,


    #BrocadeFibreChannelNetworkingCommunity


  • 11.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 01-03-2014 10:33 AM

    I tried all of the above and none worked but his did from this blog http://www.richardnichols.net/2012/08/arrrggh-java-security-cert-certificateexception-certificates-does-not-conform-to-algorithm-constraints/

     

    JDK7 changed the default Java security settings to disable MD2 algorithm to sign SSL certificates.
    BUT this can be re-enabled by editing JDK_HOME/jre7/lib/security/java.security and commenting out the following line:

    jdk.certpath.disabledAlgorithms=MD2

    ... becomes ...

    #jdk.certpath.disabledAlgorithms=MD2

     

     


    #BrocadeFibreChannelNetworkingCommunity


  • 12.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 02-13-2014 07:25 AM

    A workaround

     

    Start "javaws -viewer" to launch the "Java Cache Viewer"

    In the "Java Cache Viewer" window run the application called "your_swith_mane: WebTools Switch Explorer"

    All certificat integrity check will be bypassed ;-)


    #BrocadeFibreChannelNetworkingCommunity


  • 13.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 05-12-2014 10:43 AM

    Changing jre lib file as shown in post with: jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 256 worked for me with Firefox and JRE 1.7

     

    Thank you!


    #BrocadeFibreChannelNetworkingCommunity


  • 14.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 06-05-2014 01:22 AM
      |   view attached

    hi Br!

    i am using BR-AP7131 router and window8-64 bit with jre1.7..25  java version. I tried all way on the top, but can't log in webtool(the last time i can login webtool since 1 year ago). pls help me. my contact phamngocduyen19844 skype chat. thanks alot!


    #BrocadeFibreChannelNetworkingCommunity


  • 15.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 07-09-2014 07:17 AM

    SOLVED for a old Brocade type:CONTRX Model:510,  it's working fine forcing the 6 update 25 version usage 

     

    To force the 6 update 25 usage even with a newer version installed (1.7.x)

     

    1/ Install the Java SE Runtime Environment 6u25 (jre-6u25-windows-i586.exe)

    http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javase6-419409.html#jre-6u25-oth-JPR

     
    2/ Duplicate all the install folder in another folder to avoid futur automatic upgrade
    C:\Program Files (x86)\Java\jre6\*  -> C:\my_jre6u25\*
     
    3/ Create the following .jnlp file (C:\my_jre6u25\sanbromhx1dsy.jnlp by example)
    in the file replace sanbromhx1dsy by your switch name
    --------- File contents -----------------
    --------------------------
     
    4/ Create a batch file (C:\my_jre6u25\sanbromhx1dsy.bat) to execute java using this .jnlp file
    ------ File contents ---------
    "%~dp0\bin\javaws.exe" "%~dp0brocade_sanbromhx1dsy.jnlp"
    ---------------
     
    5/ Execute the batch file
    you will have 2 warnings but it works
     
    If you do not have the same switch model, it can needs others jar application
         Display your original .jnlp file and if needed replace the (

    #BrocadeFibreChannelNetworkingCommunity


  • 16.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 08-15-2014 10:51 AM

    Finally a solution that works, thanks!

     

    I had tried the numerous suggestions for commenting or altering a line in java.security, and changing security level, and adding to the exception list, all to no avail.

     

    After upgrading java from 1.7.0_25 to 1.7.0_45+ (now at 67), I kept getting the "Failed to Validate Certificate." message. I really didn't want to stay at java 25, primarily wanting to be current with java fixes.

     

    This solution worked, fantastic.


    #BrocadeFibreChannelNetworkingCommunity


  • 17.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 01-16-2015 12:17 PM

    Picked up a 200e for a home cluster that I built and after much fighting to login found this, worked like a charm, I actually isolated it to a single folder and it can be launched from any location. 

     

    Thanks so much!


    #BrocadeFibreChannelNetworkingCommunity


  • 18.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 11-22-2013 08:53 AM

    Open the java.security file which is located in your client machine's Java/JRE installed directory (jre/lib/security/java.security).

    Look for this line:

    jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

    Change 1024 to 256 and save.

     

    That worked for me.


    #BrocadeFibreChannelNetworkingCommunity


  • 19.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 11-28-2013 05:31 AM

    I agree with @ataylor, it also worked for me.


    #BrocadeFibreChannelNetworkingCommunity


  • 20.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 01-09-2014 10:02 PM

    I do faced this issue with Brocade 5300 and 300..
    now it is resolved..
    Thanks alot Ataylor :)


    #BrocadeFibreChannelNetworkingCommunity


  • 21.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 01-10-2014 01:02 AM

    Thanks all for the detail on security that was already a first step to resolving my issues.

    But now that I can access it it take about 3 to 7 minutes to open a webtool with JRE1.7 when it take about 30sec in JRE 1.6

    My switch are still running 6.4.3d but got same behavior to 7.1.1 and running BNA 12.0.3

     

    Anyone did get same issue ?

    Or did you found a way to force BNA to use the older version of JRE and not its own 1.7 version ?


    #BrocadeFibreChannelNetworkingCommunity


  • 22.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 01-19-2014 10:20 PM

    sebastien,

     

    most probable you issue refer follow defect, the defect is reported in FOS Release Notes 7.1.1c

     

    Symptom:
    With JRE 1.7.0 update 45, users will see a warning message when WebTools is launched through HTTPS and will not be able to launch WebTools from Network Advisor with prior to v12.1.4 Network advisor revisions


    Defect 481199: Compatibility issues in Web Tools with JRE 7 Update 45


    #BrocadeFibreChannelNetworkingCommunity


  • 23.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 01-20-2014 12:43 AM

    BNA +2-0-3 comes with a version 1.7 release 25 and not 45 so not sure would really hit the defect.


    #BrocadeFibreChannelNetworkingCommunity


  • 24.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 01-20-2014 01:00 AM

    indeed, the defect report:

     

    -> BNA with prior to...

     

    -> Workaround: Launch Web Tools through Network Advisor running version 12.1.4 or higher
    -> Recovery: JRE must be downgraded to 1.7u25

     

    from you post is not clear to me which JRE you are using.


    #BrocadeFibreChannelNetworkingCommunity


  • 25.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 12-11-2013 05:47 AM

    Helped me out, thanks for the info.

     

    Ive been going mad with this issue on a brand new Brocade 300


    #BrocadeFibreChannelNetworkingCommunity


  • 26.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 12-16-2013 01:42 AM

    Hi, I've modified the number to 256 but i'm still can't access. Pls help............


    #BrocadeFibreChannelNetworkingCommunity


  • 27.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 12-16-2013 02:46 AM

    Put the following, instead of what you have,  in the java.security file:

     

    jdk.certpath.disabledAlgorithms=MD2

     

    rgds


    #BrocadeFibreChannelNetworkingCommunity


  • 28.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 01-01-2014 07:17 PM

    Have a look here:

     

    http://erwinvanlonden.net/2013/12/brocade-webtools-and-java/

     

    This might resolve your issue.

     

    Regards,

    Erwin


    #BrocadeFibreChannelNetworkingCommunity


  • 29.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 01-30-2014 04:29 AM

    Give this a try ...

     

    Java security setting has been enhanced starting from Java 1.7.0_40.

    Some old java console/apps with certificate's RSA Key length <1024

    will fail to start with "cannot start application" pop-up.

     

    I just upgraded to Jave 7 Update 45 (32 and 64 Bits Windows) with same

    behavior.

    When SCCM will push Java 7 Update 40, you may be a victim of.

     

    This fix is to apply after each jre update from client site (workaround)

    or requires a permanent fix from software house that wrote application

    (a new certificate with RSA key > 1024 bytes must be provided)

     

    For more info about the new enhanced security, refer to the following link

     

    http://docs.oracle.com/javase/7/docs/technotes/guides/security/certpath/CertPathProgGuide.html#AppB

     

    --- excerpted from above link ---

    Starting from JDK 7u40 release, the default value of

    jdk.certpath.disabledAlgorithms is as follows:

     

     jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

    This means that no signature algorithm involving MD2 will be used to verify

    a certificate. And use of certificates with RSA key size of less than 1024

    bits in length is restricted.

    --- excerpted from above link ---

     

     

     

     

    The FIX  :

    **********

    The java.security file is located in your client machine's Java/JRE

    installed directory (jre/lib/security/java.security).

     

    In Java 1.7.0_40 the java.security by default has this setting:

     

    (Info : round Line 409)

     

    jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

     

    Changing the 1024 to 256 may solve the issue.

     

     

    The PERMANENT FIX :

    *******************

     

    The permanent solution is to re-sign OneClick jars with a new signing

    certificate that would have higher key size.


    #BrocadeFibreChannelNetworkingCommunity


  • 30.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 02-10-2014 03:32 PM

    I was able to get this to work, but use at your own risk.

    Make a backup of your java.security file in C:\Program Files\Java\jre7\lib\security

    Open the Jave.security file and find the line that reads jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

    Change the 1024 to 256 and save the file.

    Once I did this and decreased the security settings in the java control panel, I was able to get to my switches.

    If this doesn't work, you may also need to add an exception for the IP address in the control panel under security.

    This is working with Java 7 U51

    Good Luck..


    #BrocadeFibreChannelNetworkingCommunity


  • 31.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 02-12-2014 03:05 PM

    I have the issues logging into old swithes from my laptop

    OLD Switches=5300/300

    JRE:1.6 U 19 installed and enabled

    JRE:1.7 u 25 installed and enabled

    JRE:1.7 u 51 installed and disabled


    Java control panal added runtime parameter "-Xms256m -Xmx256m"

    Security =Medium

    Java Security file: #jdk.certpath.disabledAlgorithms=MD2  ( disabled)

    One other thing, if i tried to add exception to the java control panel via ip address of the switch ( currently does not have dnsname)

    i could apply but the change did not go through and ip was not listed in exception, as a matter of fact the format tap to add exception has red exclaimation but i could not tell what for ?

    When i point my browser to old switche it tries to launch old java and then the brower dies, before that it would launch the gui , i would get log in prompt and then the switch never loads, i have tried all know tricks..

    Please help.

    Can i just get a new certificate generated on the old swithces which i can import to my browser, has any one tested that and what is the procedure to regenerate brocade certificate on a switch.

    Thanks

     


    #BrocadeFibreChannelNetworkingCommunity


  • 32.  Re: Problem for access webtools from internet explorer or firefox with JRE 1.7!

    Posted 02-13-2014 07:00 AM

    change this line in your security file #jdk.certpath.disabledAlgorithms=MD2

    Remove the # at the beginning and change it to this jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 256

    You might need to lower your security settings and add an exception for your switch IP in the Java control panel as well.


    #BrocadeFibreChannelNetworkingCommunity