java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
Solution 1
Background
MD2 was widely recognized as insecure and thus disabled in Java in version JDK 6u17 (see release notes http://www.oracle.com/technetwork/java/javase/6u17-141447.html, "Disable MD2 in certificate chain validation"), as well as JDK 7, as per the configuration you pointed out in java.security
.
Verisign was using a Class 3 root certificate with the md2WithRSAEncryption
signature algorithm (serial 70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
), but deprecated it and replaced it with another certificate with the same key and name, but signed with algorithm sha1WithRSAEncryption
. However, some servers are still sending the old MD2 signed certificate during the SSL handshake (ironically, I ran into this problem with a server run by Verisign!).
You can verify that this is the case by getting the certificate chain from the server and examining it:
openssl s_client -showcerts -connect <server>:<port>
Recent versions of the JDK (e.g. 6u21 and all released versions of 7) should resolve this issue by automatically removing certs with the same issuer and public key as a trusted anchor (in cacerts by default).
If you still have this issue with newer JDKs
Check if you have a custom trust manager implementing the older X509TrustManager
interface. JDK 7+ is supposed to be compatible with this interface, however based on my investigation when the trust manager implements X509TrustManager
rather than the newer X509ExtendedTrustManager
(docs), the JDK uses its own wrapper (AbstractTrustManagerWrapper
) and somehow bypasses the internal fix for this issue.
The solution is to:
-
use the default trust manager, or
-
modify your custom trust manager to extend
X509ExtendedTrustManager
directly (a simple change).
Solution 2
Eclipse failed to connect to SVN https repositories (should also apply to any app using SSL/TLS).
svn: E175002: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
The issue was caused by latest Java 8 OpenJDK update that disabled MD5 related algorithms. As a workaround until new certificates are issued (if ever), change the following keys at java.security file
WARNING
Keep in mind that this could have security implications as disabled algorithms are considered weak. As an alternative, the workaround can be applied on a JVM basis by a command line option to use an external java.security file with this changes, e.g.:
java -Djava.security.properties=/etc/sysconfig/noMD5.java.security
For Eclipse, add a line on eclipse.ini below -vmargs
-Djava.security.properties=/etc/sysconfig/noMD5.java.security
original keys
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
change to
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
java.security file is located in linux 64 at /usr/lib64/jvm/java/jre/lib/security/java.security
Solution 3
On Fedora 28, just pay attention to the line
security.useSystemPropertiesFile=true
of the java.security
file, found at:
$(dirname $(readlink -f $(which java)))/../lib/security/java.security
Fedora 28 introduced external file of disabledAlgorithms control at
/etc/crypto-policies/back-ends/java.config
You can edit this external file or you can exclude it from java.security
by setting
security.useSystemPropertiesFile=false
Solution 4
We have this problem with one database we don't control and it requried another solution (The ones listed here didn't work). For mine I needed:
-Djdk.tls.client.protocols="TLSv1,TLSv1.1"
I think in my case it had to do with forcing a certain order.
Solution 5
Since this result is the first that Google returns for this error, I'll just add that if anyone looks for way do change java security settings without changing the global file java.security (for example you need to run some tests), you can just provide an overriding security file by JVM parameter -Djava.security.properties=your/file/path in which you can enable the necessary algorithms by overriding the disablements.
james
Updated on July 17, 2022Comments
-
james almost 2 years
I have a mapping application that can add ArcGIS 9.3+ base maps given a URL. One of the URLs that I would like to add is from a customer's URL and is secured. My mapping application was using Java 6 before and was able to add the secure URL with no issues. I now upgraded to Java 7 and am getting a
"java.security.cert.CertificateException: Certificates does not conform to algorithm constraints"
exception. At first, I believe this to be the case because in Java 7, by default, the
MD2
algorithm to sign SSL certificates is disabled. You can see this in the java.security file:"jdk.certpath.disabledAlgorithms=MD2"
But when I check the
Certification Signature Algorithm
of that URL, it saysSHA-1
. What is even more strange is if I comment out the"jdk.certpath.disabledAlgorithms=MD2"
line in thejava.security
file, the URL will work with no issues. IsMD2
used somewhere else during the SSL process? Am I missing something here? -
itsadok over 10 yearsCould you check out my (very similar) question?
-
user2591854 over 8 yearsNot only was the openssl s_client ... command incredibly useful, but the solution to my 6 hours of pain and suffering was the X509ExtendedTrustManager change.
-
Vish almost 8 yearsis there a way in code to override same in apache 4.4
-
LMC almost 8 yearsnot sure but looks related to SSLCipherSuite Directive. Take a look here httpd.apache.org/docs/current/mod/mod_ssl.html. Look for this string: RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
-
Gianluca Greco over 7 yearsChange to X509ExtendedTrustManager is the best solution ever. Thank you so much.
-
Lord Nighton about 7 yearsGot a bit proper solution, than this ad-hoc one :-) In our case
hybris
works with a weak certificate (and is started at Java 7 and behaves as a server from architectural point of view). So, to fix this trouble I will suggest you to read a bit more about this trouble here (sslshopper.com/…). An only thing you need to do is to generate a newkeystore
(use 2048 bits key to generate a certificate, its important) file and replace an old one. And finally it works just fine. -
Alexander Amelkin almost 7 yearsThis is the only solution that helped me fight "Certificates does not conform to algorithm constraints" exception with DavMail. Had to modify /usr/bin/davmail script to add that option.
-
sify about 6 yearschange doesn't work for me, I had to comment out these two lines
-
ElectronicBlacksmith almost 6 yearsI was having this issue with Dbeaver and MS SQL JDBC 6.0 - 6.4 . This solution worked for me and setting -Djdk.tls.client.protocols=TLSv1 did not.
-
paulmdavies about 5 yearsI was having problems on Fedora 28 with certificates with RSA keys of less than 1024 being rejected - I removed that exception from the
/etc/crypto-policies/back-ends/java.config
and now it works fine. Thanks. -
Janne over 4 yearsThank you, this fixed it for me on Fedora 30.
-
Onnonymous about 3 yearsI ran into this on Centos 8 and RHEL 8, that now also have crypto-policies.