Java 8 update 45 - SSL OCSP security issue 1 While launch our JNLP based web start with java 8 update 45, we are getting the below ocsp error on SSL certificate. SSL is issued by a trusted issuer and the hierarchy is. Important Oracle JDK License Update. The Oracle JDK License has changed for releases starting April 16, 2019. The new Oracle Technology Network License Agreement for Oracle Java SE is substantially different from prior Oracle JDK licenses. The new license permits certain uses, such as personal use and development use, at no cost - but other.
MacBook Pro 13-inch, mid-2012, 4 GB memory
Yosemite (V10.10.3 - 14D136)
Running Java 8 update 31
Trying to install Java 8 update 45
Tried it at least 4 times. No way to do it. At every try, the download works OK (60.5 MB), then the windows says it extracts the update and, after a little bit of time, suddenly disappears without any error message or any other warning. I never get to the 'Install and relaunch' step. Subsequent checks (no matter if it is done before or after a reboot) always show that I'm still running update 31.
Anybody knows what's going wrong there?
Java 8 Update 45 Install
Regards,
Denis MAILLARD.
MacBook Pro (13-inch Mid 2012), OS X Yosemite (10.10.3), 4 GB Memory
Posted on Apr 20, 2015 2:01 AM
(please note that this was written for Java version 7. This has not been tested with 8)
As you've likely been made aware, Java is getting more secure as it goes. We've been using Java on our Citrix environment, but have been having more issues with Java content on websites used by our staff.
Very recently, I was put in to a situation where if I upgraded Java to the latest version, it would break our payroll/time punch web site. If I stayed at the old version, we were nagged about security alerts and had plug-ins blocked due to Java being out of date.
Java security settings are maintained at the user level by default. This creates a problem for Citrix and RDS environments. By deploying centralized Java security settings, we were able to upgrade to the newest Java, while maintaining full functionality on all of the sites that we use.
Reference the following document for a more detailed list of options:
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/jcp/properties.html
5 Steps total
Step 1: Create three new files
Using notepad, create the following files:
deployment.config
deployment.properties
exception.sites
in the following directory:
Java 8 Update 45 Jre
%SystemRoot%SunJavaDeployment
Be sure not to save them as TXT files. Use Notepad to 'Save As'. Select the file type as 'All Files' and write the name of each file as described above. Permissions are fine to inherit from the parent folder.
Step 2: File 1: deployment.config
Open deployment.config in Notepad and list your preferred options. Mine was configured as such (I've numbered the lines here for readability. The actual files should not have the lines numbered):
1. deployment.system.config.mandatory=FALSE
2. deployment.system.config=file:///C:/Windows/Sun/Java/Deployment/deployment.properties
Step 3: File 2: deployment.properties
For deployment.properties, I made the preferred settings in the Java control panel as the administrator. I copied my file from my local profile to the central folder. Your local copy can be found here:
%UserProfile%AppDataLocalLowsunjavaDeployment
Referencing the Oracle site linked above, set your settings as you'd prefer. In my case, I copied the file with my settings and added the following lines to point to my exception.sites file.
1. deployment.user.security.exception.sites=C:WindowsSunJavaDeploymentexception.sites
2. deployment.user.security.exception.sites.locked
Step 4: File 3: exception.sites
This file is fairly simple and can either be created or copied from your local profile. It's located in %UserProfile%AppDataLocalLowsunjavaDeploymentsecurity
List the URL's of the sites that you wish treated as a trusted site by Java. If you added any sites in the Java control panel, you should see an example in your local profile version. Also note that, as far as I understand it, wildcard characters do not work on this file.
Step 5: Reboot the server
If this is a standard Citrix / RDS environment, simply reboot the machine. If you're using Citrix PVS, you'll want publish these changes in the next version of your image. Once servers boot from the new image, all of the changes will be in effect.
The changes took effect once the machines were rebooted. I didn't have to wipe any user profiles or implement any group policy changes for this to take effect.
Hopefully this article helps you out.
References
- Oracle Tech Notes for deployment.properties
5 Comments
- Pimientomikewilliams9 Jul 2, 2015 at 10:45am
This is a great article and I think has me on the right path. However, I can't get an app that is linked off of a web page going to an exception listed in my exception.sites to keep from popping up a security warning asking do I want to run this application? An unsigned application from the location below is requesting permission to run.I have this in my deployment properties:
#Thu Jul 02 05:51:00 EDT 2015
deployment.modified.timestamp=1435830660388
deployment.security.tls.revocation.check=NO_CHECK
#Wed Jul 01 14:08:07 EDT 2015
deployment.modified.timestamp=1435774087793
deployment.security.askgrantdialog.notinca=true
deployment.security.mixcode=HIDE_RUN
deployment.version=8
install.disable.sponsor.offers=false
Anyone able to tell from Oracle's documentation what I need to add? I sure haven't been able to. I am running Java Version 8 Update 45. - Pimientonikkicoash Sep 17, 2015 at 07:27pm
Seems to work fine for XenDesktop 7.6 with Provisioning Services and Java 8 Update 60.
- SerranoJoel2824 Oct 15, 2015 at 05:27pm
Thank you!! Note to others - if that sundeployment folder does not exist, just make it.
- Pimientomuralikrishna9 Sep 21, 2016 at 04:11pm
Hi All,
We are using roaming profile and Citrix PVS component to deploy machines. It is taking 4 to 5 minutes to load java applet.
I have done all the settings as recommended above, still folder is created under%UserProfile%AppDataLocalLow
and it is not fetching file from %SystemRoot%SunJavaDeployment.
Is there any other setting where it will stop creating the folder %UserProfile%AppDataLocalLow and fetch from %SystemRoot%SunJavaDeployment. Iam using both java 7 update 80 and java 6 update 31 - PimientoAA2913 Mar 22, 2018 at 07:00pm
We have everything as mentioned here, and we keep adding the sites to the exception list. But, it still pops up with the message 'Application blocked by Java Security' when accessed through Citrix (XenApp) servers. Sometimes it works, sometimes it does not work.
The Java version is JRE 1.8
This is being used for Oracle PMS system and we are just frustrated.