[oi-dev] hipster a8: ILOM remote console broken

Jim Klimov jimklimov at cos.ru
Thu Jun 13 08:54:35 UTC 2013

On 2013-06-13 08:34, Udo Grabowski (IMK) wrote:
> On 13/06/2013 00:07, Andrzej Szeszo wrote:
>> What kind of ILOM are you connecting to? Perhaps I could try
>> replicating your problem over here by connecting to our Sun gear.
> These are ILOM versions 3.0.x on a Sun Blade X6275, a Thumper X4540,
> and a X4275. All of them worked with a7, but break on a8. I believe
> that com.sun.javaws.LaunchDownload.validateResults may be related
> to the certificate check, since the missing SUN certs are the obvious
> change on a8, but I'm not sure, since there's no java source available
> for ILOM.

Well, I confess that I almost never used ILOMs from *nix systems but
rather from Windows laptops and desktops with both Firefox and MSIE;
in those cases there were two security-related requests from browser
1) Trust the HTTPS certificate? (Self-signed by default, corporate CA
by further configuration - no explicit trusts needed then)
2) Trust the Java Applet provider (the ILOM host name often) and/or
its code-signing? (Again, if I confirmed the security exception once
and the browser remembered it, I had no further problems)

Just in case, try an empty browser profile (perhaps from a new user
account or with Private Browsing) to connect to the ILOMs and see if
the newly-requested explicit trusts would suffice further on?

Of course, the probem cause may be deeper down the road, including
the Java version (i.e. Sun/Oracle JRE vs. OpenJDK) and its own cert
store in $JAVA_HOME/{jre,}/lib/security/cacerts and/or the OS cert
store - as you suspect... Then again, you say Java was unchanged and
you've copied over the /etc/cert database...

To debug further and rule the browser out, you might download the
JARs to your local system and try running them with "java -jar ..."
guessing the dependencies ("-cp file.jar:lib/file2.jar"...) and
perhaps command-line options from the JNLP script ("argument" tags
seems most likely).

At least, if Java still produces errors about JAR loading, you may
have more debug options available and rule out if it is a browser
or OS problem... maybe :)

//Jim Klimov

More information about the oi-dev mailing list