@makeitcloudy
Last active May 8, 2024 20:40
supermicro_ipmi_x9scl-f_java_jnlp_certificate_error_fixed
# 2024.02.18
# windows 10 22H2
java -version
# java version "1.8.0_401"
# Java(TM) SE Runtime Environment (build 1.8.0_401-b10)
# Java HotSpot(TM) Client VM (build 25.401-b10, mixed mode, sharing)
# supermicro x9scl-f, supermicro x9dri-ln4f
The issue is caused by JARs signed with SHA-1 algorithms that are restricted by default and treated as if they were unsigned, starting from the Oracle Java Version 8 Update 351.
Resolution
To run JNLP files and start Remote Control Managed sessions without using a pre-installed Controller, perform the following steps:
Open the "java.security" file available in the following directory:
[installation_path]\server\java\jre\lib\security\java.security
in my case: C:\Program Files (x86)\Java\jre-1.8\lib\security\java.security
1. Locate the "jdk.certpath.disabledAlgorithms" property and comment out the section
#jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
# RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
# include jdk.disabled.namedCurves, \
# SHA1 usage SignedJAR & denyAfter 2019-01-01
2. Locate the "jdk.jar.disabledAlgorithms" property and comment out the section
#jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
# DSA keySize < 1024, include jdk.disabled.namedCurves, \
# SHA1 denyAfter 2019-01-01
This allows the old algorithms that were used to sign the JNLP from the BMC of the X9SCL-F motherboard.
Some of the certificates within the chain have already expired, and they leave much to be desired security-wise these days.
Save the file and run the downloaded JNLP file.
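A narrower alternative to commenting out both properties, as an added example that is not part of the original gist: it removes only the SHA1 denyAfter entries, so the MD2, MD5 and small-key restrictions stay active. It assumes SHA-1 is the only constraint blocking the BMC's JAR, as stated above; relax_sha1 and the sample excerpt are constructed for illustration.

```python
import re

# The two properties the steps above edit.
TARGETS = ("jdk.certpath.disabledAlgorithms", "jdk.jar.disabledAlgorithms")

# Constructed excerpt: the property values are the ones quoted in the gist.
SAMPLE = """\
# constructed java.security excerpt
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \\
    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \\
    include jdk.disabled.namedCurves, \\
    SHA1 usage SignedJAR & denyAfter 2019-01-01
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \\
    DSA keySize < 1024, include jdk.disabled.namedCurves, \\
    SHA1 denyAfter 2019-01-01
security.provider.1=sun.security.provider.Sun
"""

def is_sha1_jar_entry(entry):
    """True for 'SHA1 ... denyAfter <date>', the entries that reject old signed JARs."""
    return entry.split()[0] == "SHA1" and "denyAfter" in entry

def relax_sha1(text):
    """Return java.security text with only the SHA1 denyAfter entries removed."""
    out, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        m = re.match(r"\s*([\w.]+)\s*=(.*)", lines[i])
        if not m or m.group(1) not in TARGETS:
            out.append(lines[i])  # comments and other properties pass through
            i += 1
            continue
        # Join backslash-continued lines into one logical value.
        value = m.group(2)
        while value.rstrip().endswith("\\") and i + 1 < len(lines):
            i += 1
            value = value.rstrip()[:-1] + " " + lines[i].strip()
        i += 1
        entries = [e.strip() for e in value.rstrip(" \\").split(",") if e.strip()]
        kept = [e for e in entries if not is_sha1_jar_entry(e)]
        out.append(m.group(1) + "=" + ", \\\n    ".join(kept))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(relax_sha1(SAMPLE), end="")
```

Run it against a copy of java.security and diff the result before replacing the original; the "SHA1 jdkCA & usage TLSServer" entry is left in place because it concerns TLS server certificates, not signed JARs.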
###
on ubuntu
1. sudo apt-get install libxtst6:i386
2. download java8 jdk-8u333-linux-i586.tar.gz from https://www.oracle.com/java/technologies/javase/javase8u211-later-archive-downloads.html
3. tar xvfz jdk-8*
4. jdk1.8.0_333/bin/javaws launch.jnlp
###
on macOS
# 2024.05.08
# macos Sonoma 14.4.1
# java version "1.8.0_411"
# Java(TM) SE Runtime Environment (build 1.8.0_411-b09)
# Java HotSpot(TM) 64-Bit Server VM (build 25.411-b09, mixed mode)
sudo find / -name java.security
cd /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/
nano java.security
# then repeat steps 1 and 2 described above
###
source: https://www.bytesizedalex.com/supermicro-ipmi-ssl-tls-certificate-replacement/
I had the same problem and resetting, factory defaulting the BMC etc did nothing. After months of searching I eventually found the raw command to set the SSL certificate back to the default which brought the web server back from the dead.
ipmicfg -raw 0x30 0x68 0 0
###
an interesting approach with socat
https://www.osso.nl/blog/2020/supermicro-java-console-redirection-kvm/