Symantec Access Management

 View Only
  • 1.  DxManager Error: Certificates does not conform to algorithm constraints

    Posted Feb 10, 2017 04:11 PM

    Problem:

    The error message “DXadmind host 'Hostname' is unreachable - java.security.cert.CertificateException: Certificates does not conform to algorithm constraints .” appears within dxmanager under alerts.

     

    Environment:

    Ca Directory / DxManager 12.0 SP18
    Estimated: Java 1.8u100+

    Cause:

       Java recently increased their security measures and stopped allowing the MD5 as a valid algorithm.

       jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224

     

    Resolution:

       Remove the declaration of the MD5 Algorithm.

     

    Example Steps:

    Navigate to File Path:
    "\jre\lib\security\java.security"

     

    Open java.security, then modify the following disabledAlgorithms.

          jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224

             to:

       jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224

     

    Once the change is made you will need to stop and start DxManager and then you will no longer receive the error "DXadmind host 'Hostname' is unreachable - java.security.cert.CertificateException: Certificates does not conform to algorithm constraints .”



  • 2.  Re: DxManager Error: Certificates does not conform to algorithm constraints

     
    Posted Feb 10, 2017 04:38 PM

    Thanks for sharing this tip with the community Vincent!

    DxManager Error: Certificates does not conform to algorithm constraints