java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

by

Background

MD2 was widely recognized as insecure and thus disabled in Java in version JDK 6u17 (see release notes http://www.oracle.com/technetwork/java/javase/6u17-141447.html, “Disable MD2 in certificate chain validation”), as well as JDK 7, as per the configuration you pointed out in java.security.

Verisign was using a Class 3 root certificate with the md2WithRSAEncryption signature algorithm (serial 70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf), but deprecated it and replaced it with another certificate with the same key and name, but signed with algorithm sha1WithRSAEncryption. However, some servers are still sending the old MD2 signed certificate during the SSL handshake (ironically, I ran into this problem with a server run by Verisign!).

You can verify that this is the case by getting the certificate chain from the server and examining it:

openssl s_client -showcerts -connect <server>:<port>

Recent versions of the JDK (e.g. 6u21 and all released versions of 7) should resolve this issue by automatically removing certs with the same issuer and public key as a trusted anchor (in cacerts by default).

If you still have this issue with newer JDKs

Check if you have a custom trust manager implementing the older X509TrustManager interface. JDK 7+ is supposed to be compatible with this interface, however based on my investigation when the trust manager implements X509TrustManager rather than the newer X509ExtendedTrustManager (docs), the JDK uses its own wrapper (AbstractTrustManagerWrapper) and somehow bypasses the internal fix for this issue.

The solution is to:

  1. use the default trust manager, or

  2. modify your custom trust manager to extend X509ExtendedTrustManager directly (a simple change).

More Related Contents:

  1. Recursively list files in Java
  2. How can I use different certificates on specific connections?
  3. How are SSL certificate server names resolved/Can I add alternative names using keytool?
  4. Why does SSL handshake give ‘Could not generate DH keypair’ exception?
  5. Error when using LogManager (l4j2) with Java 8 (java.lang.reflect.AnnotatedElement cannot be resolved)
  6. Problems using Maven and SSL behind proxy
  7. Java 7 language features with Android
  8. javax.net.ssl.SSLException: Received fatal alert: protocol_version
  9. How to set specific Java version to Maven?
  10. What’s the purpose of try-with-resources statements?
  11. javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake during web service communicaiton
  12. Installed Java 7 on Mac OS X but Terminal is still using version 6
  13. How to programmatically set the SSLContext of a JAX-WS client?
  14. Java SSL: how to disable hostname verification
  15. Problems connecting via HTTPS/SSL through own Java client
  16. How to enable SSL 3 in Java
  17. Choosing SSL client certificate in Java
  18. How to convert certificate from PEM to JKS?
  19. How do I run my application as superuser from Eclipse?
  20. What is the difference between PermGen and Metaspace?
  21. intern() behaving differently in Java 6 and Java 7
  22. Java and SSL – java.security.NoSuchAlgorithmException
  23. What is Keystore?
  24. javax.net.ssl.SSLPeerUnverifiedException: Host name does not match the certificate subject provided by the peer
  25. OkHttp javax.net.ssl.SSLPeerUnverifiedException: Hostname domain.com not verified
  26. Having spaces in Runtime.getRuntime().exec with 2 executables
  27. SSL “Peer Not Authenticated” error with HttpClient 4.1
  28. How to connect to a secure website using SSL in Java with a pkcs12 file?
  29. Creating .p12 truststore with openssl
  30. Setting multiple truststore on the same JVM

Leave a Comment