wannabecraig asked:

SonicWall DPI SSL stops Java from working

Hi,
I'm deploying the SonicWall cert from a firewall to all my Windows clients.
The certificate has been distributed by GPO.
I'm having a problem with Java apps (iDRAC) which can't connect.
I've imported this to my Java store but the same issue appeared.
Eventually I will need to distribute this to all my Win and Mac clients.
CEHJ

Very tricky to say without seeing it. Out of interest, which version iDRAC?
SOLUTION
J Spoor
This solution is only available to members.
wannabecraig (ASKER)

I'm using iDRAC9 and can connect to it, but when I try to open a virtual console, after the untrusted connection warning I click on Run and the applet tries to connect for a couple of minutes, but then I get the following error: "The viewer was unable to reconnect with the server Launch the console again".
Hi wannabecraig,

Java has been historically riddled with bugs & security flaws, is a huge vulnerability/liability & attack vector on any network, and should be used only when absolutely necessary. I don't know what your iDRAC version is, but they have a native option for connecting, and newer versions have an HTML5 version. I'd recommend using HTML5 for security reasons if possible, and then the native version in the event HTML5 is unavailable (as your iDRAC version is dependent on the hardware, meaning you can't take a DELL 2003 server and upgrade it to iDRAC8). So update the iDRAC to the latest available release.

If you must use Java because HTML5 is unavailable or the native approach is not working, @J Spoor's comment has laid out all your options!

"Eventually I will need to distribute this to all my Win and Mac clients."
I'm not sure I follow. From a security standpoint, the iDRAC should only be accessed by a local authorized management segment in a management VLAN... certainly not by ALL user clients.

iDRAC is accessed just from a management subnet, but my users use other Java applications which I can't change to HTML5.
Is there any way to force Java to use the computer cert store, and if so, how to push the change by GPO to Win and how to install it on Macs?

From: https://stackoverflow.com/questions/34166304/accessing-windows-certificate-store-certs-via-java

"Windows certificate store is accessible only via CryptoAPI native functions which are not supported by Java default installation. If you can use JNA, then you can use various Certificate and Certificate Store Functions in crypt32.dll to enumerate certificates and perform signing operations."
I've used iDRAC just for testing of DPI SSL. A company which is implementing this is using some intranet sites with Java, so I need to distribute it to the whole domain, which includes Macs and PCs. Is there any way to push a setting for Java to accept a self assigned cert, or is there a way to distribute it to all users?
I've set up exclusions for all Java apps.
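
The question mentions importing the firewall's certificate into the Java store without the connection problem going away. The following is an added example, not code from the thread or from any vendor: a small check that reports which JRE is running and whether its default trust store contains a given CA certificate. The class name `CheckDpiSslCa` and the file argument `ca-cert.cer` are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Reports whether the JRE running this class trusts a given CA certificate. */
public class CheckDpiSslCa {

    static String sha256(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java CheckDpiSslCa <ca-cert.cer>");
            System.exit(2);
        }
        // The CA certificate exported from the firewall (PEM or DER); path is hypothetical.
        X509Certificate ca;
        try (InputStream in = new FileInputStream(args[0])) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // A null KeyStore makes the factory load this JRE's default trust store:
        // javax.net.ssl.trustStore if set, else lib/security/jssecacerts, else cacerts.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        boolean trusted = false;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate issuer : ((X509TrustManager) tm).getAcceptedIssuers()) {
                if (issuer.equals(ca)) trusted = true; // compares the encoded certificates
            }
        }
        System.out.println("java.home   : " + System.getProperty("java.home"));
        System.out.println("CA subject  : " + ca.getSubjectX500Principal().getName());
        System.out.println("CA SHA-256  : " + sha256(ca));
        System.out.println("trusted here: " + trusted);
        System.exit(trusted ? 0 : 1);
    }
}
```

Run it with the same `java` binary the affected application uses; a machine with several JREs has one `cacerts` file per installation, and the `java.home` line shows which one was checked.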