topic Re: JarSigner cannot verify signature of ics64.jar with recent OpenJDK in SASE and Remote Access https://community.checkpoint.com/t5/SASE-and-Remote-Access/JarSigner-cannot-verify-signature-of-ics64-jar-with-recent/m-p/145313#M7010 <P>I recommend opening a TAC case, but I suspect it's because we don't support that version of OpenJDK (in which case, it'd be an RFE to support it).</P> Sun, 03 Apr 2022 00:01:53 GMT PhoneBoy 2022-04-03T00:01:53Z JarSigner cannot verify signature of ics64.jar with recent OpenJDK https://community.checkpoint.com/t5/SASE-and-Remote-Access/JarSigner-cannot-verify-signature-of-ics64-jar-with-recent/m-p/145193#M7009 <P>Hello,</P><P>Our customer is using SSL Extender and ESOD. One of their users who recently installed Java is getting&nbsp;"Check Point Deployment Shell Internal Error"</P><P>Checking cshell.elg on the client I see following</P><LI-CODE lang="markup">INFO [global] (Log log) [General] Java vendor: Eclipse Adoptium (verion 11.0.14.1) INFO [global] (Log log) [General] Certificate checking: Path does not chain with any of the trust anchors INFO [global] (Log log) [Component] has_invalid_cert and has_unsigned_entry are false INFO [global] (Log log) [Component] Verify - Returning false INFO [global] (Log log) [Component] Failed to verify C:\Users\admin\AppData\Local\Temp\CSHELL\ics64\100001160\ics64.jar.tmp using JarSigner</LI-CODE><P>Trying a bit older version, it still does not work</P><LI-CODE lang="markup">INFO [global] (Log log) [General] Java vendor: Eclipse Foundation (verion 11.0.12) INFO [global] (Log log) [General] Certificate checking: Path does not chain with any of the trust anchors INFO [global] (Log log) [Component] has_invalid_cert and has_unsigned_entry are false INFO [global] (Log log) [Component] Verify - Returning false INFO [global] (Log log) [Component] Failed to verify C:\Users\admin\AppData\Local\Temp\CSHELL\ics64\100001160\ics64.jar.tmp using JarSigner </LI-CODE><P>When using old Oracle OpenJDK it works fine and cshell.elg on the client shows:</P><LI-CODE lang="markup">INFO [global] (Log log) [General] Java vendor: Oracle Corporation (verion 11.0.2) INFO [global] (Log log) [Component] Verify - Returning true INFO [global] (Log log) [Component] Verified C:\Users\admin\AppData\Local\Temp\CSHELL\ics64\100001160\ics64.jar.tmp using JarSigner</LI-CODE><P>What can be done so that newer versions of OpenJDK can be used? I tried latest Microsoft OpenJDK 11 too, with the same results.</P><P>Thank you</P><P>&nbsp;</P> Thu, 31 Mar 2022 22:30:19 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/JarSigner-cannot-verify-signature-of-ics64-jar-with-recent/m-p/145193#M7009 Srdjan_B 2022-03-31T22:30:19Z Re: JarSigner cannot verify signature of ics64.jar with recent OpenJDK https://community.checkpoint.com/t5/SASE-and-Remote-Access/JarSigner-cannot-verify-signature-of-ics64-jar-with-recent/m-p/145313#M7010 <P>I recommend opening a TAC case, but I suspect it's because we don't support that version of OpenJDK (in which case, it'd be an RFE to support it).</P> Sun, 03 Apr 2022 00:01:53 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/JarSigner-cannot-verify-signature-of-ics64-jar-with-recent/m-p/145313#M7010 PhoneBoy 2022-04-03T00:01:53Z