What are My Options for Java v7 and v8 SVP Code Signing Certificates That May be Expiring
In what ways will my SVPs be affected when Java v7 and v8 code-signing certificates expire, and what are my options?
- VSP G1X00 and VSP F1500
- Virtual Storage Platform G1000 (VSP G1000)
- Virtual Storage Platform G1500 (VSP G1500)
- Virtual Storage Platform F1500 (VSP F1500)
- VSP Gx00 and VSP Fx00
- Virtual Storage Platform Gx00 (VSP Gx00): VSP G200, VSP G400, VSP G600, VSP G800
- Virtual Storage Platform Fx00 (VSP Fx00): VSP F400, VSP F600, VSP F800
- VSP G130 G/F350 G/F370 G/F700 G/F900
- VSP G130, G350, G370, G700, G900
- VSP F350, F370, F700, F900
- Hitachi Unified Storage VM (HUS VM)
- Virtual Storage Platform (VSP)
- Hitachi Device Manager (HDvM)
- Hitachi Storage Navigator (SN)
- Hitachi Storage Advisor (HSA)
- Java v7 (1.7.0_55 or later)
- Java v8 (1.8.0_5 or later)
- Note that Java v6 and v11 are not affected.
- Note that multiple Java runtime environments installs are not supported.
We previously released a technical bulletin to inform you that Java v7 and v8 digital code-signing certificates in the storage system service processor (SVP) are due to expire, and to give you information about temporary workarounds and permanent fixes.
It’s important to know that after the expiration date, Hitachi storage systems will continue to operate normally. No server or operating system certificates are expiring or impacted. Java does not impact the SVP in total; an expired code-signing certificate prevents a user from remotely managing certain Java-enabled features on Hitachi Storage Navigator. Experience varies based on a user’s access to the SVP and typical use of Java-enabled functions. This means:
- Some configuration and storage management features related to remotely viewing and making configuration changes on the SVP, Hitachi Storage Navigator, and Hitachi Device Manager need a temporary workaround, microcode patch or microcode update. (See the table of affected features by product in our technical bulletin.)
- Remote logins for SVP maintenance, updates to Microsoft® Windows®, and all other maintenance and customer service actions on the SVP will not be impacted. RAIDCOM (CCI) commands are not affected.
- No Hitachi products that use Java v11 are affected; affected products are those using Java v7 or v8.
We’re dedicated to supporting you with temporary workarounds and permanent fixes that fit your needs. You can:
- Access the SVP directly rather than remotely to keep using all affected features.
- Perform a temporary workaround on the SVP to temporarily disable checking the digital signature.
- Use our automated scripts to perform the workaround on the SVP. View this article for a video tutorial, instructions and download links for the scripts. (Customer Engineers will perform this in most cases.)
- Update to the latest microcode version (preferred), which installs the new code-signing certificate.
- Update with a microcode patch to install the new code-signing certificate.
We’ve created an FAQ to help you better understand the issue and answer any questions you have about affected features, accessing your SVP after the expiration and available options. We will continue to update our materials with additional information as applicable.