Intel® Business Client Software Development
Support for Intel® vPro™ software development and the technologies associated with Intel vPro platforms.
1363 Discussions

Parse UTC time, invalid format error while Intel AMT provisioning

peri
Beginner
330 Views
Hi,
I am trying to provisioning Intel AMT device (3.0.2) through the Provisioning Server that is developed in Java which uses PKI mode to provision the AMT devices. As part of the initial provisioning process, Intel AMT presents its self-signed certificate to the provisioning server. But when java ssl library tries to validate the self-signed certificate, i get the following error Parse UTC time, invalid format.

I didn't see this issue before when i used the same java provisiong code& AMT device. provisioning simply worked fine.

Setting Intel AMT device's Set PRTC also doesn't help to fix this issue. Could you please let me know what causes this issue ?

Error details:

Exception in thread "main" AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLProtocolException: java.io.IOException: Parse UTC time, invalid format
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLProtocolException: java.io.IOException: Parse UTC time, invalid format
at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:190)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:502)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:395)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
at org.apache.axis.transport.http.CommonsHTTPSender.invoke(CommonsHTTPSender.java:196)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.intel.schemas.platform.client.SecurityAdministration._2004._01.SecurityAdministrationSoapBindingStub.getCoreVersion(SecurityAdministrationSoapBindingStub.java:2362)
at com.test.iamt.provisioning.IAMTConfiguration.setCommonConfiguration(IAMTConfiguration.java:211)
at com.test.iamt.provisioning.IAMTConfiguration.startProvisioning(IAMTConfiguration.java:111)
at com.test.iamt.provisioning.IAMTConfiguration.main(IAMTConfiguration.java:101)
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: Parse UTC time, invalid format
at sun.security.x509.X509CertInfo.(Unknown Source)
at sun.security.x509.X509CertImpl.parse(Unknown Source)
at sun.security.x509.X509CertImpl.(Unknown Source)
at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
... 31 more
Caused by: java.io.IOException: Parse UTC time, invalid format
at sun.security.util.DerInputBuffer.getTime(Unknown Source)
at sun.security.util.DerInputBuffer.getUTCTime(Unknown Source)
at sun.security.util.DerInputStream.getUTCTime(Unknown Source)
at sun.security.x509.CertificateValidity.construct(Unknown Source)
at sun.security.x509.CertificateValidity.(Unknown Source)
at sun.security.x509.X509CertInfo.parse(Unknown Source)
... 36 more

{http://xml.apache.org/axis/}hostname:pperiyasamy

javax.net.ssl.SSLProtocolException: java.io.IOException: Parse UTC time, invalid format
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.CommonsHTTPSender.invoke(CommonsHTTPSender.java:301)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.intel.schemas.platform.client.SecurityAdministration._2004._01.SecurityAdministrationSoapBindingStub.getCoreVersion(SecurityAdministrationSoapBindingStub.java:2362)
at com.test.iamt.provisioning.IAMTConfiguration.setCommonConfiguration(IAMTConfiguration.java:211)
at com.test.iamt.provisioning.IAMTConfiguration.startProvisioning(IAMTConfiguration.java:111)
at com.test.iamt.provisioning.IAMTConfiguration.main(IAMTConfiguration.java:101)
Caused by: javax.net.ssl.SSLProtocolException: java.io.IOException: Parse UTC time, invalid format
at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:190)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:502)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:395)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
at org.apache.axis.transport.http.CommonsHTTPSender.invoke(CommonsHTTPSender.java:196)
... 13 more
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: Parse UTC time, invalid format
at sun.security.x509.X509CertInfo.(Unknown Source)
at sun.security.x509.X509CertImpl.parse(Unknown Source)
at sun.security.x509.X509CertImpl.(Unknown Source)
at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
... 31 more
Caused by: java.io.IOException: Parse UTC time, invalid format
at sun.security.util.DerInputBuffer.getTime(Unknown Source)
at sun.security.util.DerInputBuffer.getUTCTime(Unknown Source)
at sun.security.util.DerInputStream.getUTCTime(Unknown Source)
at sun.security.x509.CertificateValidity.construct(Unknown Source)
at sun.security.x509.CertificateValidity.(Unknown Source)
at sun.security.x509.X509CertInfo.parse(Unknown Source)
... 36 more

Thanks,
Periyasamy


0 Kudos
6 Replies
Lance_A_Intel
Employee
330 Views
Hello,
You mention that this provisioning code worked before.
Could you describe what is different now from when it was working?
Are you using the same systems? Same certificate?
peri
Beginner
330 Views
Yes Lance, I am using the same system and same ztc certificate that was used earlier. I didn't make any changes in the provisioing code. But now somehow Provisioning server's java ssl library is not able to parse the Intel Device's self-signed certificate. So I have tried to provision the same device with Intel SCA sample and provisioning just worked fine. I also tried to use the same prov code (java) to provision the another AMT device. There also I couldn't reproduce the issue. So I don't have any clue what went wrong on the AMT device


Thanks,
periyasamy
Lance_A_Intel
Employee
330 Views

Certificate errors when nothing has changed in the setup are usually related to time. Like the certificate expiring or the time synchronization between server and client being off.
You may want to take a look at thisblog with some tips on solving some connection issues.

I have not come across your specific error on parsing the UTC time, so I will dig aorund to try to get info on that.

peri
Beginner
330 Views
Hi Lance,

This issue occurred due to last day of the month and We have got confirmation from Intel that there is a known issue in older firmware as given below.

There is a known issue on some older FW versions where the clock on a few specific days of the year is not represented correctly. Being the last day of the month, this sounds like it could be the same issue.

The actual FW version where it was first fixed was 3.2.2.1033v3.

Thanks,
Periyasamy
Andrew_S_Intel2
Employee
330 Views
Periyasamy,

You didn't mention, have you tried updating the firmware on your system? Did that resolve the issue?

Andy
peri
Beginner
330 Views
Hi Andrew,
I haven't tried updating the firmware. But when i tried to provision the device on (01/04), it worked fine. :)

Thanks,
Periyasamy
Reply