Community
cancel
Showing results for 
Search instead for 
Did you mean: 
peri
Beginner
193 Views

Parse UTC time, invalid format error while Intel AMT provisioning

Hi,
I am trying to provisioning Intel AMT device (3.0.2) through the Provisioning Server that is developed in Java which uses PKI mode to provision the AMT devices. As part of the initial provisioning process, Intel AMT presents its self-signed certificate to the provisioning server. But when java ssl library tries to validate the self-signed certificate, i get the following error Parse UTC time, invalid format.

I didn't see this issue before when i used the same java provisiong code& AMT device. provisioning simply worked fine.

Setting Intel AMT device's Set PRTC also doesn't help to fix this issue. Could you please let me know what causes this issue ?

Error details:

Exception in thread "main" AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLProtocolException: java.io.IOException: Parse UTC time, invalid format
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLProtocolException: java.io.IOException: Parse UTC time, invalid format
at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:190)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:502)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:395)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
at org.apache.axis.transport.http.CommonsHTTPSender.invoke(CommonsHTTPSender.java:196)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.intel.schemas.platform.client.SecurityAdministration._2004._01.SecurityAdministrationSoapBindingStub.getCoreVersion(SecurityAdministrationSoapBindingStub.java:2362)
at com.test.iamt.provisioning.IAMTConfiguration.setCommonConfiguration(IAMTConfiguration.java:211)
at com.test.iamt.provisioning.IAMTConfiguration.startProvisioning(IAMTConfiguration.java:111)
at com.test.iamt.provisioning.IAMTConfiguration.main(IAMTConfiguration.java:101)
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: Parse UTC time, invalid format
at sun.security.x509.X509CertInfo.(Unknown Source)
at sun.security.x509.X509CertImpl.parse(Unknown Source)
at sun.security.x509.X509CertImpl.(Unknown Source)
at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
... 31 more
Caused by: java.io.IOException: Parse UTC time, invalid format
at sun.security.util.DerInputBuffer.getTime(Unknown Source)
at sun.security.util.DerInputBuffer.getUTCTime(Unknown Source)
at sun.security.util.DerInputStream.getUTCTime(Unknown Source)
at sun.security.x509.CertificateValidity.construct(Unknown Source)
at sun.security.x509.CertificateValidity.(Unknown Source)
at sun.security.x509.X509CertInfo.parse(Unknown Source)
... 36 more

{http://xml.apache.org/axis/}hostname:pperiyasamy

javax.net.ssl.SSLProtocolException: java.io.IOException: Parse UTC time, invalid format
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.CommonsHTTPSender.invoke(CommonsHTTPSender.java:301)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.intel.schemas.platform.client.SecurityAdministration._2004._01.SecurityAdministrationSoapBindingStub.getCoreVersion(SecurityAdministrationSoapBindingStub.java:2362)
at com.test.iamt.provisioning.IAMTConfiguration.setCommonConfiguration(IAMTConfiguration.java:211)
at com.test.iamt.provisioning.IAMTConfiguration.startProvisioning(IAMTConfiguration.java:111)
at com.test.iamt.provisioning.IAMTConfiguration.main(IAMTConfiguration.java:101)
Caused by: javax.net.ssl.SSLProtocolException: java.io.IOException: Parse UTC time, invalid format
at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateMsg.(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:190)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:502)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:395)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
at org.apache.axis.transport.http.CommonsHTTPSender.invoke(CommonsHTTPSender.java:196)
... 13 more
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: Parse UTC time, invalid format
at sun.security.x509.X509CertInfo.(Unknown Source)
at sun.security.x509.X509CertImpl.parse(Unknown Source)
at sun.security.x509.X509CertImpl.(Unknown Source)
at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
... 31 more
Caused by: java.io.IOException: Parse UTC time, invalid format
at sun.security.util.DerInputBuffer.getTime(Unknown Source)
at sun.security.util.DerInputBuffer.getUTCTime(Unknown Source)
at sun.security.util.DerInputStream.getUTCTime(Unknown Source)
at sun.security.x509.CertificateValidity.construct(Unknown Source)
at sun.security.x509.CertificateValidity.(Unknown Source)
at sun.security.x509.X509CertInfo.parse(Unknown Source)
... 36 more

Thanks,
Periyasamy


0 Kudos
6 Replies
Lance_A_Intel
Employee
193 Views

Hello,
You mention that this provisioning code worked before.
Could you describe what is different now from when it was working?
Are you using the same systems? Same certificate?
peri
Beginner
193 Views

Yes Lance, I am using the same system and same ztc certificate that was used earlier. I didn't make any changes in the provisioing code. But now somehow Provisioning server's java ssl library is not able to parse the Intel Device's self-signed certificate. So I have tried to provision the same device with Intel SCA sample and provisioning just worked fine. I also tried to use the same prov code (java) to provision the another AMT device. There also I couldn't reproduce the issue. So I don't have any clue what went wrong on the AMT device


Thanks,
periyasamy
Lance_A_Intel
Employee
193 Views

Certificate errors when nothing has changed in the setup are usually related to time. Like the certificate expiring or the time synchronization between server and client being off.
You may want to take a look at thisblog with some tips on solving some connection issues.

I have not come across your specific error on parsing the UTC time, so I will dig aorund to try to get info on that.

peri
Beginner
193 Views

Hi Lance,

This issue occurred due to last day of the month and We have got confirmation from Intel that there is a known issue in older firmware as given below.

There is a known issue on some older FW versions where the clock on a few specific days of the year is not represented correctly. Being the last day of the month, this sounds like it could be the same issue.

The actual FW version where it was first fixed was 3.2.2.1033v3.

Thanks,
Periyasamy
Andrew_S_Intel2
Employee
193 Views

Periyasamy,

You didn't mention, have you tried updating the firmware on your system? Did that resolve the issue?

Andy
peri
Beginner
193 Views

Hi Andrew,
I haven't tried updating the firmware. But when i tried to provision the device on (01/04), it worked fine. :)

Thanks,
Periyasamy
Reply