JDK TLS handshake error

The Eclipse PD team has identified JBoss running on RHEL 5.x with Java 7u131 may crash when the Solar Eclpse SSL interface (i.e Connection Pool, Session manager and etc..) is accessed from a browser.

This is an Oracle bug, and it is expected to be fixed with java 7u141 release.

The Work-around is to not use java 7u131. Do not install java update or downgrade to an older version if java 7u131 has already been installed.

To downgrade java to older version, 7u95:

yum downgrade java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el5_11

To exclude java updates when manually installing the RHEL updates:

yum update --exclude=java-1.7.0-openjdk-1.7.0.131*

If your system is setup with RHEL automatic update you may temporarily disable it and run manual updates until a fix is available.

To disable RHEL auto update:

chkconfig yum-updatesd off
service yum-updatesd stop

Reference

Solar Website Security Certificate Warnings

When browsing to a secure portion of the Solar web start page (Session Manager, Connection Pool, etc.), you will receive an error similar to the following:

“There is a problem with this website’s security certificate. The security certificate presented by this website was issued for a different website’s address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website.”

The warning is expected, and can be safely ignored. Regardless of any warnings, all web traffic over HTTPS between the client and application server is fully encrypted.

The way certificates work in regards to web browsing is as follows: the web browser notices there is an HTTPS connection and attempts to verify the certificate given against both the certificate authority that signed the certificate, as well as the FQDN of the destination address.

In this case, the web browser sees that the certificate is signed by a non-trusted authority, and that the destination’s IP address doesn’t appear in the certificate. This warning will always appear, because Eclipse signs our own certificates and does not customize them for each customer. To remove the warning, each customer would have to generate a certificate from a trusted authority (i.e. VeriSign) for each unique web address. Each of these certificates would have to be re-integrated with each change to the application server (i.e. point upgrade). Eclipse has weighed the warning vs. the practicality of doing this for every customer and chose to self-sign a generic certificate to provide encryption without authentication. This is an industry standard practice for secure websites on a company Intranet where a server’s identity is known.

If a customer wishes to order and install their own security certificates, they may do so at their own expense and without support from Eclipse.

Solar Java Compatibility

Q. Which version of Java should I install for compatibility with ePad and Element?

[table id=4 /]

Q. Should I install Java updates when prompted?

Yes, you should install Java updates when prompted, because Oracle often releases important security updates to the JRE. In almost every case, installing Java updates will not cause problems with Solar.

In the rare case that a Java update causes problems with the Solar client, we recommend that you first try to reinstall Solar. If performing a clean installation of Solar doesn’t resolve the issue, we recommend that you uninstall all other versions of the Java runtime environment (JRE), re-install only the JRE version that was certified with your specific release of Eclipse from the table above, and open an SR for our development team to review the issue.

Q. How do I determine which version of Java is certified for my release of Eclipse?

Please refer to the table above.

Q. Why is the version of Java on my web start page out of date?

As versions of Java with major security patches or significant features are released, the Eclipse development team integrates and tests each new version with the current version of Eclipse.

Due to the overhead involved with testing hundreds of possible combinations of Java runtime environments and Eclipse releases, the Eclipse development team only certifies the most recent Java runtime environment and Eclipse release.

Q. Is Solar compatible with Java 7?

Yes, Java 7 is bundled with Eclipse release 8.7.4.09 and later, and it may be manually installed for use with earlier versions of Eclipse.

How do I reinstall the Solar desktop shortcuts?

If Solar is installed, but the shortcuts have disappeared:

  • Have the user remove all Solar desktop shortcuts
  • Control Panel -> Java
  • On the “General” tab, find “Temporary Internet Files”, click “View…”
  • Right-click on Solar -> Uninstall Shortcuts
  • Right-click on Solar again -> Install Shortcuts

To give users a direct link from which to install or launch Solar, you may send a hyperlink or create shortcut directly to the web start URL. To obtain this URL, right-click on the Click Here to Install Solar Eclipse link and copy the URL. The URL should be similar to to following:

http://172.17.188.36:2080/SolarInstallService.jnlp