parvi07

DxManager Error: Certificates does not conform to algorithm constraints

Discussion created by parvi07 Employee on Feb 10, 2017
Latest reply on Feb 10, 2017 by Chris_Hackett

Problem:

The error message “DXadmind host 'Hostname' is unreachable - java.security.cert.CertificateException: Certificates does not conform to algorithm constraints .” appears within dxmanager under alerts.

 

Environment:

Ca Directory / DxManager 12.0 SP18
Estimated: Java 1.8u100+

Cause:

   Java recently increased their security measures and stopped allowing the MD5 as a valid algorithm.

   jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224

 

Resolution:

   Remove the declaration of the MD5 Algorithm.

 

Example Steps:

Navigate to File Path:
"\jre\lib\security\java.security"

 

Open java.security, then modify the following disabledAlgorithms.

      jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224

         to:

   jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224

 

Once the change is made you will need to stop and start DxManager and then you will no longer receive the error "DXadmind host 'Hostname' is unreachable - java.security.cert.CertificateException: Certificates does not conform to algorithm constraints .”

Outcomes