Technical Support Pages

Title
Java Web Services Interface Stopped Working with Java 1.8.0_71 or later (Version 8 Update 71 or later)
Keywords
Java Web Services Security Certificate
Product Release(s)
03.04.0x 03.03.0x 03.02.0x 03.01.0x 03.00.0x
Operating System(s)
All Supported
Problem Description
I can't launch EDGEMENU via the Web Services Interface after installing Java Version 8 Update 71 or later. The error I get is: Error Negotiating: jn_negotiate error sending http reQ javax.net.ssl.SSLHandshaKeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
Cause
Security Updates in Java 8 Update 71 or later are not compatible with our Java signed certificate by default.
Solution
You'll need to edit the Java Security settings on the desktop client to restore compatibility. In Windows this file is TYPICALLY: C:\Program Files (x86)\Java\[latest_jrel]\lib\security\java.security for example. C:\Program Files (x86)\Java\jre1.8.0_71\lib\security\java.security C:\Program Files (x86)\Java\jre1.8.0_73\lib\security\java.security C:\Program Files (x86)\Java\jre1.8.0_191\lib\security\java.security C:\Program Files (x86)\Java\jre1.8.0_201\lib\security\java.security ... C:\Program Files (x86)\Java\jre1.8.0_281\lib\security\java.security In other words, find the \lib\security directory in the latest jrel.8.x directory and edit java.security. If you've installed Java in a different directory, you'll need to search for the iappropriate java.security file. Edit the file (you can use "notebook" in Administrator Mode). ----------- jre 1.8.0_201and jre 1.8.0_221 - jre 1.8.0_281 Find the following line... jdk.certpath.disabledAlgorithms The default value is: jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 Remove the MD5 setting and change the RSA keySize value to 2048: jdk.certpath.disabledAlgorithms=MD2, SHA1 jdkCA & usage TLSServer, \ RSA keySize < 2048, DSA keySize < 1024, EC keySize < 224 Find: jdk.tls.disabledAlgorithms The default value is: jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ EC keySize < 224, 3DES_EDE_CBC, anon, NULL Remove the MD5withRSA, anon, and NULL sections. In the case of the default it would now look like this: jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, DH keySize < 1024, \ EC keySize < 224, 3DES_EDE_CBC (Note: if DH Keysize is a different value, leave it alone). ----------- jre 1.8.0_191 and jre 1.8.0_8x Find the following line... jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \ RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 Remove the MD5 setting and change the RSA keySize value to 2048: jdk.certpath.disabledAlgorithms=MD2, SHA1 jdkCA & usage TLSServer, \ RSA keySize < 2048, DSA keySize < 1024, EC keySize < 224 Find: jdk.tls.disabledAlgorithms The default value is: jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 Remove the MD5withRSA section. In the case of the default it would now look like this: jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 (Note: if DH Keysize is a different value, leave it alone). ----------- jre1.8.0_7x Find and change the following two lines as follows... Find: jdk.certpath.disabledAlgorithms The default value is: jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 Remove the MD5 section. In the case of the default it would now look like this: jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 Find: jdk.tls.disabledAlgorithms The default value is: jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 Remove the MD5withRSA section. In the case of the default it would now look like this: jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 (Note: if DH Keysize is a different value, leave it alone). ----------- Save the file, then restart the brower and prowse to https://hostname:3946 to launch the Web Services Interface.
Notes
Oracle has indicated that all browser plugins will be disabled with Java 9 when it is released, effectively breaking support for the BackupEDGE Web Services Interface. This MAY end support for the Interface, although we are researching alternatives. Ask your desktop administrator if this change to Java security will affect any other applications. If our Java interface support ends, you'll still be able to run EDGEMENU through the Character interface from the console or remotely via any popular terminal emulator such as PuTTY, Anzio, etc. Updated 2021-02-18
See Also

Get a printer-friendly version of this document

Last Updated - 2022/01/03

Top

Blog | Virtualization - P2V | Re-Activation Policies | Newsletters | Security Information | Support End-Of-Life

©Copyright 1999 - 2022 by Microlite Corporation. All Rights Reserved

Legal » Contact » About Microlite

MENU