Due to the recent influx of tickets concerning java issues with Light Activation Systems and Mobile Credentialing Units, we wanted to remind sites of a memo that was sent to IT All back on July 10, 2019 involving an expired certificate for the java deployment ruleset.
Date: July 10, 2019
Subject: [ACTION] Repair Oracle Java Ruleset – Expired Certificate Issue
WHAT YOU NEED TO KNOW
The Time Stamp Server Certificate that was used to time-stamp the cert signing of the DeploymentRuleSet.jar file, which is part of the DOI provided Oracle Java SCCM application, has expired for version 8.201.1 and 8.202.1.
While Oracle Java 8.201/202 are security vulnerabilities in the environment and the ePatching team has recently worked to remove this product from all systems, some systems, such as USAccess LAS/MCUs are still dependent on this product and this expired certificate has caused the software to not function properly.
The DOI SCCM Team has created the following new SCCM Applications which contain an updated DeploymentRuleSet file with a renewed certificate.
- 2-DOI-Oracle Java 08.201.2 (x86)
- 2-DOI-Oracle Java 08.201.2 (x64)
- 2-DOI-Oracle Java 08.202.2 (x86)
- 2-DOI-Oracle Java 08.202.2 (x64)
The DOI SCCM Team has also created the following new SCCM Package to update the DeploymentRuleSet file on all current Oracle Java Deployments.
- 2-DOI-Oracle Java RuleSet Update 2019.07.10
If sites are receiving the following error while trying to launch the CIT or the Activation pages, they do not have the updated Java Ruleset deployed.
Please use the SCCM applications listed above or follow the instructions at the top of the downloads section of the LAS tst page: https://tst.usgs.gov/applications/security/light-activation-kits/#downloads
