
Java 7

Posted: Fri Aug 04, 2017 6:21 pm
by sgomez
We are having a problem with the Server application. To date the customer was using Java 6 and there were no issues. For different reasons, this client changed to Java 7 and this is where we started having problems running the application.
We are running Servoy 5.15 where we have our applications. The server specs. are:
• Windows Server 2008 R2 Standard
• 8 GB RAM
• Intel Xeon CPU E5-2690 v2 3.00 GHz Processor
• Java 6.
Application Server.
• Server Information
• Servoy version 5.2.15 -build 1028
• Port used by RMI Registry: 1099


When the application runs on the workstation we constantly receive a "Connection to Servoy Server is invalid" error. The Network configuration is set to "Direct Connect". This workstation has Java 7 installed.
The Workstation Specs. are:
• Windows 7 Professional (x86)
• 4 GB RAM
• Processor Intel Core I-5 CPU @ 3.20 GHz 3.20 GHz
• Java version 7.
When we run the jnlp file our application shows the error "Connection to Servoy Server is invalid" and the Application Server shows the following error:
I/O exception, see log for full details: Received fatal alert: certificate_unknown
2017-08-03 15:08 SocketAccepter[4] ERROR com.servoy.j2db.util.Debug SocketAcceptor failure for socket: 819191[SSL_NULL_WITH_NULL_NULL: Socket[addr=/10.113.15.43,port=49273,localport=1099]]

This does not happen when we run the same jnlp file from a post with Java 6.

Regards.

Re: Java 7

Posted: Sun Aug 06, 2017 10:33 pm
by ROCLASI
Hi sgomez,

Oracle implemented a lot stricter security checks in Java 7 (and up). For instance it's almost impossible to use a self-signed certificate. Also expired certificates (SSL and Codesigning) are not allowed anymore.
Servoy 5.2.15 is pretty old (2012) and its code signing cert is already expired (14 Feb, 2015). On top of that, Servoy's default SSL certificate has also expired on these old versions.
Both issues can be remedied by getting/using your own (not self-signed) certificates, re-codesigning the whole installation and setting up your own SSL certificate. That last part has always been best practice because the default SSL cert was only there for development/testing purposes. Using Servoy's default SSL certificate doesn't make your connection secure, as the same certificate comes with every Servoy installer. Also, your passwords in the servoy.properties are encrypted using your SSL certificate.

If you don't want to re-codesign your installation then I suggest you upgrade your installation and solution to (at least) version 7.4.10. Those have valid code signing and SSL certs. But again, you should always use your own SSL cert in production.

Hope this helps.
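
As an added example (not part of the original thread and not Servoy tooling), the two conditions named in the reply above, expired and self-signed certificates, can be checked from the text that `keytool -list -v` prints for a keystore. The aliases, names and dates in the sample are constructed, and the parser assumes English-locale keytool output.

```python
import re
from datetime import datetime

# Constructed, trimmed sample of `keytool -list -v` output (not from a real keystore).
# Assumption: English-locale keytool output.
SAMPLE = """\
Alias name: example-default
Owner: CN=Example Default, O=Example Vendor
Issuer: CN=Example Default, O=Example Vendor
Valid from: Mon Feb 13 00:00:00 UTC 2012 until: Sat Feb 14 23:59:59 UTC 2015

Alias name: example-own
Owner: CN=app.example.com, O=Example Customer
Issuer: CN=Example Issuing CA, O=Example CA
Valid from: Sun Jan 01 00:00:00 UTC 2017 until: Tue Jan 01 00:00:00 UTC 2019
"""

VALID_RE = re.compile(r"Valid from: (.+?) until: (.+)")

def _parse_date(text):
    # keytool prints e.g. "Sat Feb 14 23:59:59 UTC 2015". The weekday and zone
    # tokens are dropped, so results are accurate to within a day.
    parts = text.split()
    return datetime.strptime(" ".join(parts[1:4] + parts[5:6]), "%b %d %H:%M:%S %Y")

def audit(listing, now):
    """Return {alias: [problems]} for the first (leaf) certificate of each entry."""
    findings, alias, owner, issuer = {}, None, None, None
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("Alias name:"):
            alias, owner, issuer = line.split(":", 1)[1].strip(), None, None
        elif line.startswith("Owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("Issuer:"):
            issuer = line.split(":", 1)[1].strip()
        elif (m := VALID_RE.match(line)) and alias is not None and alias not in findings:
            # Later certificates under the same alias are CA certs in the chain; skip them.
            not_before, not_after = map(_parse_date, m.groups())
            checks = [("expired", now > not_after),
                      ("not yet valid", now < not_before),
                      ("self-signed", owner is not None and owner == issuer)]
            findings[alias] = [name for name, hit in checks if hit]
    return findings

if __name__ == "__main__":
    for name, problems in audit(SAMPLE, datetime.now()).items():
        print(name, "->", ", ".join(problems) or "ok")
```
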