Руководство По Устранению Ошибки для Cisco Cisco Identity Services Engine Software
Java Update Enforces CRL Checks by Default
Which Prevents NSP and Guest Flows
Which Prevents NSP and Guest Flows
Document ID: 116444
Contributed by Sam Hertica, Jesse Dubois, and John Newman, Cisco
TAC Engineers.
Aug 07, 2013
TAC Engineers.
Aug 07, 2013
Contents
Introduction
Background Information
Problem
Solution
Option 1 − Switch or Wireless Controller Side Fix
Option 2 − Client Side Fix
Background Information
Problem
Solution
Option 1 − Switch or Wireless Controller Side Fix
Option 2 − Client Side Fix
Introduction
This document describes a problem encountered where the latest Java update breaks supplicant provisioning
and some guest flows that use Access Control Lists (ACLs) and redirection.
and some guest flows that use Access Control Lists (ACLs) and redirection.
Background Information
The error is in the CiscoSPWDownloadFacilitator and reads "Failed to validate certificate. The application
will not be executed."
will not be executed."
If you click More Information, you receive output that complains about the Certificate Revocation List
(CRL).
(CRL).
java.security.cert.CertificateException: java.security.cert.
CertPathValidatorException: java.io.IOException: DerInputStream.getLength():
lengthTag=127, too big.
at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.isTrustedByTrustDecider