解決 java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
2017-12-12 17:23
549 查看
背景:迁移服务器,每次使用20小时后报此错,重启服务器后又能用了
查网,网上的解决方案都是:
找到 jre/lib/security/java.security
将
jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
改为
jdk.certpath.disabledAlgorithms=
取自:http://www.cnblogs.com/zemliu/p/4121136.html
修改后无果,有其必然性,我又没用ssl于是从两台服务器的java环境入手:
旧:1.8.0_112jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
新:1.8.0_151jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224jdk.jar.disabledAlgorithms=MD2,MD5,RSA keySize < 1024jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, EC keySize < 224
由于此项目比较小,仅用到一个md5算法,从此入手
可以看到区别,jdk.jar.disabledAlgorithms 中 旧版无对MD5的限制,在新版jdk配置中,去除MD5(红色标注),还是没解决
但是思路参考了:http://blog.csdn.net/sxe18652071425/article/details/51064464
2018.2.25 此前替换了忽略了java版本,原版本为jdk1.8.0_112
后来迁移中替换为
jdk1.8.0_151
换回112后经过一星期的检验 ,此问题修复。
查网,网上的解决方案都是:
找到 jre/lib/security/java.security
将
jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
改为
jdk.certpath.disabledAlgorithms=
取自:http://www.cnblogs.com/zemliu/p/4121136.html
修改后无果,有其必然性,我又没用ssl于是从两台服务器的java环境入手:
旧:1.8.0_112jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
新:1.8.0_151jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224jdk.jar.disabledAlgorithms=MD2,MD5,RSA keySize < 1024jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, EC keySize < 224
由于此项目比较小,仅用到一个md5算法,从此入手
| 旧 1.8.0_112 | 新 1.8.0_151 | |
| jdk.certpath.disabledAlgorithms | MD2, MD5, RSA keySize < 1024 | MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, .... |
| jdk.jar.disabledAlgorithms | MD2, RSA keySize < 1024 | MD2, MD5, RSA keySize< 1024 |
| jdk.tls.disabledAlgorithms | SSLv3, RC4, MD5withRSA,DH keySize< 768 | SSLv3, RC4, MD5withRSA,DH keySize< 768, ...... |
但是思路参考了:http://blog.csdn.net/sxe18652071425/article/details/51064464
2018.2.25 此前替换了忽略了java版本,原版本为jdk1.8.0_112
后来迁移中替换为
jdk1.8.0_151
换回112后经过一星期的检验 ,此问题修复。
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 解決 java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
- java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
- Java_解决java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
- 终极解决方案:java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
- Java_Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints 异常的解决方法
- Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints
- Certificates does not conform to algorithm constraints