3

Today I want to use the HttpClient to call a Hybris interface in AEM, but I get the error message "java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: MD5withRSA".

This line throws the exception "java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: MD5withRSA":

httpClient.executeMethod(request);

I changed the three properties below to empty in the java.security file (C:\Program Files\Java\jdk1.8.0_191\jre\lib\security\java.security), but it doesn't work.

jdk.certpath.disabledAlgorithms
jdk.tls.disabledAlgorithms
jdk.jar.disabledAlgorithms

My JDK version: jdk1.8.0_191

Does anyone know how to fix it?

Thanks, Forrest

Forrest Li

2 Answers

2

Aside: the jdk.jar.disabledAlgorithm property is not relevant to this issue.

Make certain you've actually changed the file as seen by the program.

  • Modern versions of Windows (IIRC since Vista, maybe Seven) don't like files under \Program Files and \Program Files (x86) being written by anything but an installer program. One thing they do at least sometimes is 'virtualize' such writes, to a different file hidden somewhere under per-user %appdata%. Search and you'll find lots of similar problems and frustrations.

  • Call Security.getProperty() to check the setting actually seen in your program.

If you can't fix the setting in the standard file, you can override it in another file (put somewhere more convenient) by setting sysprop (not secprop) java.security.properties=filename or by calling Security.setProperty() early in your program (before the JSSE/PKIX classes are loaded). See:
Relaxing SSL algorithm constrains programatically
Java - Lock down TLS version in java.security, but allow per app override via launch config?

Alternatively, JDK doesn't really need to be in \Program Files*. I put it in another top-level directory and don't have these issues.

And of course tell whoever is responsible for the server they are way behind the times :-)

dave_thompson_085
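
The check suggested in the answer above, written out as an added example (not code from either poster): it prints which JRE the program is running on, which java.security file that implies, and the values of the two relevant properties as the running JVM actually sees them. The class name and helper are hypothetical, and the file path assumes the JDK 8 layout from the question.

```java
import java.io.File;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class EffectiveAlgConstraints {
    // The two security properties from the question that govern this exception.
    static final String[] PROPS = {
        "jdk.certpath.disabledAlgorithms", "jdk.tls.disabledAlgorithms"
    };

    // Return the comma-separated entries of a disabledAlgorithms value that
    // mention the given name. An entry such as "MD5" also applies to
    // composite names like "MD5withRSA", so a substring match is used.
    static List<String> entriesMentioning(String value, String alg) {
        List<String> hits = new ArrayList<>();
        if (value == null) return hits;          // property not set at all
        String needle = alg.toUpperCase(Locale.ROOT);
        for (String entry : value.split(",")) {
            String e = entry.trim();
            if (e.toUpperCase(Locale.ROOT).contains(needle)) hits.add(e);
        }
        return hits;
    }

    public static void main(String[] args) {
        // java.home shows which installation is really running this code,
        // which may differ from the one whose file was edited.
        String home = System.getProperty("java.home");
        System.out.println("java.home                = " + home);
        // JDK 8 layout (as in the question); JDK 9+ uses conf/security instead.
        File master = new File(home, "lib/security/java.security");
        System.out.println("master java.security     = " + master
                + " (exists: " + master.exists() + ")");
        // Non-null when an override file was passed with -Djava.security.properties=...
        System.out.println("java.security.properties = "
                + System.getProperty("java.security.properties"));
        for (String p : PROPS) {
            String v = Security.getProperty(p);
            System.out.println(p + " = " + v);
            System.out.println("  entries mentioning MD5: " + entriesMentioning(v, "MD5"));
        }
    }
}
```

Run it with the same java launcher and options as the failing application; if the printed values still list MD5 after the file was edited, the edit went to a file this JVM does not read.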
1

Hi @dave_thompson_085,

Thanks for your reply. I have fixed this issue with the steps below.

  1. I used the command "where java" to check which JDK I am really using.

  2. I reinstalled that JDK.

  3. I removed MD5 from "jdk.certpath.disabledAlgorithms" and removed MD5withRSA from "jdk.tls.disabledAlgorithms".

  4. I removed "C:\Program Files (x86)\Common Files\Oracle\Java\javapath;" from the path of the System variables.

  5. I restarted the computer, and then this issue was fixed.

Thanks, Forrest

Forrest Li