
Certificates does not conform to algorithm constraints

2017-06-23 10:20
While debugging an HTTPS interface with a branch office, I found that Java threw an error.

Exception in thread "main" javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at com.jianggujin.net.core.HQRequestExecuter.execute(HQRequestExecuter.java:80)
at com.jianggujin.net.core.HQRequest.execute(HQRequest.java:450)
at net14.MainTest.main(MainTest.java:19)
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1055)
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:981)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:923)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 13 more


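I searched online, and everyone says this exception is caused by a restriction in the JDK. The suggested fix is to edit JAVA_HOME/jre/lib/security/java.security and change jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 to jdk.certpath.disabledAlgorithms=, removing "MD2, DSA, RSA keySize < 2048".
However, after making that change the program still reported the error. After a long debugging session, I found that the following two lines have to be deleted before the program stops reporting the error: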

jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768

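Clearly, the certificate's encryption algorithm and the TLS encryption algorithm are not secure enough. I used openssl to generate an HTTPS certificate with the RSA algorithm and a 2048-bit key and deployed it to the branch office's server, and Java no longer reported the error. The branch office's HTTPS certificate was just too old. Unbelievable.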
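
The sketch below is an added example, not code from the original post or from the JDK: a simplified Python model of how a disabledAlgorithms value is matched against a certificate, covering only plain names and keySize constraints. The property strings are the ones quoted on this page; the two certificate descriptions are constructed samples (assumptions), not the branch office's real certificate.

```python
import operator
import re

OPS = {"<": operator.lt, "<=": operator.le, "==": operator.eq,
       "!=": operator.ne, ">=": operator.ge, ">": operator.gt}

# Property values quoted on this page.
CERTPATH_ONLINE = "MD2, DSA, RSA keySize < 2048"
CERTPATH_LOCAL = "MD2, MD5, RSA keySize < 1024"
TLS_LOCAL = "SSLv3, RC4, MD5withRSA, DH keySize < 768"

# Constructed certificate descriptions: (signature algorithm, key algorithm, key bits).
OLD_CERT = ("MD5withRSA", "RSA", 1024)
NEW_CERT = ("SHA256withRSA", "RSA", 2048)


def sub_elements(sig_alg):
    """'MD5withRSA' -> {'MD5WITHRSA', 'MD5', 'RSA'}; matching is case-insensitive."""
    parts = re.split(r"with|and|/", sig_alg, flags=re.IGNORECASE)
    return {sig_alg.upper()} | {p.upper() for p in parts if p}


def violations(prop_value, sig_alg, key_alg, key_bits):
    """Return the entries of a disabledAlgorithms value that reject the certificate."""
    names = sub_elements(sig_alg) | {key_alg.upper()}
    hits = []
    for entry in (e.strip() for e in prop_value.split(",")):
        m = re.fullmatch(r"(\S+)\s+keySize\s*(<=|>=|==|!=|<|>)\s*(\d+)", entry)
        if m:
            # Key-size constraint: applies only to keys of the named algorithm.
            name, op, bits = m.group(1), m.group(2), int(m.group(3))
            if name.upper() == key_alg.upper() and OPS[op](key_bits, bits):
                hits.append(entry)
        elif entry.upper() in names:
            # Plain name: disables the full name or any sub-element, so "DSA"
            # matches SHA1withDSA but not SHA1withECDSA.
            hits.append(entry)
        # Other constraint kinds (jdkCA, denyAfter, usage) are not modelled here.
    return hits


if __name__ == "__main__":
    for label, cert in (("old", OLD_CERT), ("new", NEW_CERT)):
        for prop in (CERTPATH_ONLINE, CERTPATH_LOCAL, TLS_LOCAL):
            print(label, "|", prop, "->", violations(prop, *cert) or "accepted")
```

Under this model the constructed MD5withRSA certificate is flagged by both the jdk.certpath and the jdk.tls line, while an RSA 2048 certificate signed with SHA-256 passes all three values without any change to java.security.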