Fibre Channel (SAN)

Reply
Occasional Contributor
Posts: 18
Registered: ‎09-10-2012

Does anyone know when Brocade will issue new certs for their SAN switches?

We are having issues with opening WebTools on all our SAN switches. We are running Java 7 update 51 and this is blocking the application from running. We receive a certificate error. Apparently update 51 checks for a certificate with 2048 bit.

 

 

A case has been logged with HP (These are HP Branded 8GB FC switches), but wanted to post in Brocade forums as well.

 

Anyone have an idae as to timeline?

 

 Thank you,

 

Louis

Valued Contributor
Posts: 547
Registered: ‎03-20-2011

Re: Does anyone know when Brocade will issue new certs for their SAN switches?

Occasional Contributor
Posts: 18
Registered: ‎09-10-2012

Re: Does anyone know when Brocade will issue new certs for their SAN switches?

Thank you for your reply.

 

I saw this article and tried the recommendations. Unfortunatly they made no difference

 

in our case. We are forced to use Jave7 update 51. I had thought maybe I could generate a self-signed Cert and import to switch and solve my problem, but no joy, either.

 

Regards,

 

Louis

New Contributor
Posts: 4
Registered: ‎03-05-2014

Re: Does anyone know when Brocade will issue new certs for their SAN switches?

There are 2 recent Java 7 updates to make life difficult. Java 7u40 had the change "Default x.509 Certificates Have Longer Key Length"

http://www.oracle.com/technetwork/java/javase/7u40-relnotes-2004172.html

which prevents older jar files from running due to short key length. The workaround for this is to edit your jdk.certpath.disabledAlgorithms setting in the java.security file (and do so on every Java update). The fix is for the vendor to sign the app with a longer key.

 

Java 7u51 introduced the "Missing required Permissions manifest attribute" error, documented here under "Require Permissions Attribute for High Security Setting"

http://www.oracle.com/technetwork/java/javase/7u51-relnotes-2085002.html

The workaround for this is to lower the Security Level setting in Java Control Panel, or add the URL to the Exception Site List. The fix is for the vendor to update the jar file manifest in line with new security requirements.

 

I wouldn't hold my breath waiting for either fix; even Oracle have broken a load of their own apps (ILO Remote Console etc.) with no update in sight.

Contributor
Posts: 44
Registered: ‎12-23-2013

Re: Does anyone know when Brocade will issue new certs for their SAN switches?

Hi Louis,

 

Did you try to change RSA Key size to value 256 in java.security file?

 

regards

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.