Problem:
The error message “DXadmind host 'Hostname' is unreachable - java.security.cert.CertificateException: Certificates does not conform to algorithm constraints .” appears within dxmanager under alerts.
Environment:
Ca Directory / DxManager 12.0 SP18
Estimated: Java 1.8u100+
Cause:
Java recently increased their security measures and stopped allowing the MD5 as a valid algorithm.
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224
Resolution:
Remove the declaration of the MD5 Algorithm.
Example Steps:
Navigate to File Path:
"\jre\lib\security\java.security"
Open java.security, then modify the following disabledAlgorithms.
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224
to:
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224
Once the change is made you will need to stop and start DxManager and then you will no longer receive the error "DXadmind host 'Hostname' is unreachable - java.security.cert.CertificateException: Certificates does not conform to algorithm constraints .”