Friday, March 16, 2018

Algorithm constraints check failed on signature algorithm: MD5withRSA

Issue: We did a PMP on OAM instance. As part of that  we updated JDK. We copied the customer certs. But when we started OAM we got, (OAM version 11.1.2.2, can occur on any version)

 <Mar 16, 2018 5:57:07 AM UTC> <Warning> <Coherence> <BEA-000000> <2018-03-16 05:57:07.204/380.379 Oracle Coherence GE 3.7.1.1 <Warning> (thread=PacketListener1, member=n/a): TcpDatagramSocket{bind=ServerSocket[addr=/141.143.130.9,localport=9097]}, exception regarding peer vmohsisos016.oracleoutsourcing.com/100.143.130.9:9095, General SSLEngine problem; Certificates do not conform to algorithm constraints; Algorithm constraints check failed on signature algorithm: MD5withRSA>
<Mar 16, 2018 5:57:07 AM UTC> <Error> <Coherence> <BEA-000000> <2018-03-16 05:57:07.505/380.680 Oracle Coherence GE 3.7.1.1 <Error> (thread=Configuration Store Observer, member=n/a): Error while starting cluster: com.tangosol.net.RequestTimeoutException: Timeout during service start: ServiceInfo(Id=0, Name=Cluster, Type=Cluster
  MemberSet=MasterMemberSet(
    ThisMember=null
    OldestMember=null
    ActualMemberSet=MemberSet(Size=0
      )
    MemberId|ServiceVersion|ServiceJoined|MemberState
    RecycleMillis=240000
    RecycleSet=MemberSet(Size=0
      )
    )
)
      

Solution: in the JDK_HOME/jre/lib/java.security , we need to make some changed.

-bash-3.2$ diff java.security_16032018 java.security
479,480c479,480
< jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
<     RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
---
> jdk.certpath.disabledAlgorithms=MD2, SHA1 jdkCA & usage TLSServer, \
>     RSA keySize < 512, DSA keySize < 1024, EC keySize < 224
523c523
< jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
---
> jdk.jar.disabledAlgorithms=MD2,RSA keySize < 512, DSA keySize < 1024
555c555
< jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 1024, \
---
> jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 1024, \
-bash-3.2$


No comments:

Post a Comment