This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Srdjan_B
Collaborator
Collaborator
‎2022-03-31 03:30 PM

JarSigner cannot verify signature of ics64.jar with recent OpenJDK

Hello,

Our customer is using SSL Extender and ESOD. One of their users who recently installed Java is getting "Check Point Deployment Shell Internal Error"

Checking cshell.elg on the client I see following

INFO [global] (Log log) [General] Java vendor: Eclipse Adoptium (verion 11.0.14.1)
INFO [global] (Log log) [General] Certificate checking: Path does not chain with any of the trust anchors
INFO [global] (Log log) [Component] has_invalid_cert and has_unsigned_entry are false
INFO [global] (Log log) [Component] Verify - Returning false
INFO [global] (Log log) [Component] Failed to verify C:\Users\admin\AppData\Local\Temp\CSHELL\ics64\100001160\ics64.jar.tmp using JarSigner

Trying a bit older version, it still does not work

INFO [global] (Log log) [General] Java vendor: Eclipse Foundation (verion 11.0.12)                                                          
INFO [global] (Log log) [General] Certificate checking: Path does not chain with any of the trust anchors                                   
INFO [global] (Log log) [Component] has_invalid_cert and has_unsigned_entry are false                                                       
INFO [global] (Log log) [Component] Verify - Returning false                                                                                
INFO [global] (Log log) [Component] Failed to verify C:\Users\admin\AppData\Local\Temp\CSHELL\ics64\100001160\ics64.jar.tmp using JarSigner

When using old Oracle OpenJDK it works fine and cshell.elg on the client shows:

INFO [global] (Log log) [General] Java vendor: Oracle Corporation (verion 11.0.2)
INFO [global] (Log log) [Component] Verify - Returning true
INFO [global] (Log log) [Component] Verified C:\Users\admin\AppData\Local\Temp\CSHELL\ics64\100001160\ics64.jar.tmp using JarSigner

What can be done so that newer versions of OpenJDK can be used? I tried latest Microsoft OpenJDK 11 too, with the same results.

Thank you

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2022-04-02 05:01 PM

I recommend opening a TAC case, but I suspect it's because we don't support that version of OpenJDK (in which case, it'd be an RFE to support it).

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events