Issue: We did a PMP on OAM instance. As part of that we updated JDK. We copied the customer certs. But when we started OAM we got, (OAM version 11.1.2.2, can occur on any version)
<Mar 16, 2018 5:57:07 AM UTC> <Warning> <Coherence> <BEA-000000> <2018-03-16 05:57:07.204/380.379 Oracle Coherence GE 3.7.1.1 <Warning> (thread=PacketListener1, member=n/a): TcpDatagramSocket{bind=ServerSocket[addr=/141.143.130.9,localport=9097]}, exception regarding peer vmohsisos016.oracleoutsourcing.com/100.143.130.9:9095, General SSLEngine problem; Certificates do not conform to algorithm constraints; Algorithm constraints check failed on signature algorithm: MD5withRSA>
<Mar 16, 2018 5:57:07 AM UTC> <Error> <Coherence> <BEA-000000> <2018-03-16 05:57:07.505/380.680 Oracle Coherence GE 3.7.1.1 <Error> (thread=Configuration Store Observer, member=n/a): Error while starting cluster: com.tangosol.net.RequestTimeoutException: Timeout during service start: ServiceInfo(Id=0, Name=Cluster, Type=Cluster
MemberSet=MasterMemberSet(
ThisMember=null
OldestMember=null
ActualMemberSet=MemberSet(Size=0
)
MemberId|ServiceVersion|ServiceJoined|MemberState
RecycleMillis=240000
RecycleSet=MemberSet(Size=0
)
)
)
Solution: in the JDK_HOME/jre/lib/java.security , we need to make some changed.
-bash-3.2$ diff java.security_16032018 java.security
479,480c479,480
< jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
< RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
---
> jdk.certpath.disabledAlgorithms=MD2, SHA1 jdkCA & usage TLSServer, \
> RSA keySize < 512, DSA keySize < 1024, EC keySize < 224
523c523
< jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
---
> jdk.jar.disabledAlgorithms=MD2,RSA keySize < 512, DSA keySize < 1024
555c555
< jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \
---
> jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 1024, \
-bash-3.2$
<Mar 16, 2018 5:57:07 AM UTC> <Warning> <Coherence> <BEA-000000> <2018-03-16 05:57:07.204/380.379 Oracle Coherence GE 3.7.1.1 <Warning> (thread=PacketListener1, member=n/a): TcpDatagramSocket{bind=ServerSocket[addr=/141.143.130.9,localport=9097]}, exception regarding peer vmohsisos016.oracleoutsourcing.com/100.143.130.9:9095, General SSLEngine problem; Certificates do not conform to algorithm constraints; Algorithm constraints check failed on signature algorithm: MD5withRSA>
<Mar 16, 2018 5:57:07 AM UTC> <Error> <Coherence> <BEA-000000> <2018-03-16 05:57:07.505/380.680 Oracle Coherence GE 3.7.1.1 <Error> (thread=Configuration Store Observer, member=n/a): Error while starting cluster: com.tangosol.net.RequestTimeoutException: Timeout during service start: ServiceInfo(Id=0, Name=Cluster, Type=Cluster
MemberSet=MasterMemberSet(
ThisMember=null
OldestMember=null
ActualMemberSet=MemberSet(Size=0
)
MemberId|ServiceVersion|ServiceJoined|MemberState
RecycleMillis=240000
RecycleSet=MemberSet(Size=0
)
)
)
Solution: in the JDK_HOME/jre/lib/java.security , we need to make some changed.
-bash-3.2$ diff java.security_16032018 java.security
479,480c479,480
< jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
< RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
---
> jdk.certpath.disabledAlgorithms=MD2, SHA1 jdkCA & usage TLSServer, \
> RSA keySize < 512, DSA keySize < 1024, EC keySize < 224
523c523
< jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
---
> jdk.jar.disabledAlgorithms=MD2,RSA keySize < 512, DSA keySize < 1024
555c555
< jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \
---
> jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 1024, \
-bash-3.2$
No comments:
Post a Comment