Technical Support Pages

 

Title
Java Web Services Interface Stopped Working with Java 1.8.0_71 or later (Version 8 Update 71 or later)
Keywords
Java Web Services Security Certificate
Product Release(s)
03.02.0x 03.01.0x 03.00.0x
Operating System(s)
All Supported
Problem Description
I can't launch EDGEMENU via the Web Services Interface after installing Java Version 8 Update 71 or later. The error I get is:
Error Negotiating: jn_negotiate error sending http reQ javax.net.ssl.SSLHandshaKeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
Cause
Security Updates in Java 8 Update 71 or later are not compatible with our Java signed certificate by default.
Solution
You'll need to edit the Java Security settings on the desktop client to restore compatibility. In Windows this file is TYPICALLY:
C:\Program Files (x86)\Java\[latest_jrel]\lib\security\java.security
for example.
C:\Program Files (x86)\Java\jre1.8.0_71\lib\security\java.security
C:\Program Files (x86)\Java\jre1.8.0_73\lib\security\java.security
C:\Program Files (x86)\Java\jre1.8.0_191\lib\security\java.security
C:\Program Files (x86)\Java\jre1.8.0_201\lib\security\java.security

In other words, find the \lib\security directory in the latest jrel.8.x directory and edit java.security.

If you've installed Java in a different directory, you'll need to search for the iappropriate java.security file.

Edit the file (you can use "notebook" in Administrator Mode).

-----------
jre 1.8.0_201
Find the following line...

  jdk.certpath.disabledAlgorithms

The default value is:

  jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
  RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 


Remove the MD5 setting and change the RSA keySize value to 2048:

  jdk.certpath.disabledAlgorithms=MD2, SHA1 jdkCA & usage TLSServer, \
  RSA keySize < 2048, DSA keySize < 1024, EC keySize < 224 


Find:

  jdk.tls.disabledAlgorithms
The default value is:
 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
  EC keySize < 224, 3DES_EDE_CBC, anon, NULL

Remove the MD5withRSA, anon, and NULL sections. In the case of the default it would now look like this:

  jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, DH keySize < 1024, \
  EC keySize < 224, 3DES_EDE_CBC

(Note: if DH Keysize is a different value, leave it alone).

-----------
jre 1.8.0_191 and jre1.8.0_8x
Find the following line...

  jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
  RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 


Remove the MD5 setting and change the RSA keySize value to 2048:

  jdk.certpath.disabledAlgorithms=MD2, SHA1 jdkCA & usage TLSServer, \
  RSA keySize < 2048, DSA keySize < 1024, EC keySize < 224 


Find:

  jdk.tls.disabledAlgorithms
The default value is:
  jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
Remove the MD5withRSA section. In the case of the default it would now look like this:
  jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
(Note: if DH Keysize is a different value, leave it alone).

-----------
jre1.8.0_7x
Find and change the following two lines as follows...


Find:

  jdk.certpath.disabledAlgorithms
The default value is:
  jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
Remove the MD5 section. In the case of the default it would now look like this:
  jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024


Find:
  jdk.tls.disabledAlgorithms
The default value is:
  jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
Remove the MD5withRSA section. In the case of the default it would now look like this:
  jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
(Note: if DH Keysize is a different value, leave it alone).
-----------
Save the file, then restart the brower and prowse to https://hostname:3946 to launch the Web Services Interface.

Notes
Oracle has indicated that all browser plugins will be disabled with Java 9 when it is released, effectively breaking support for the BackupEDGE Web Services Interface. This MAY end support for the Interface, although we are researching alternatives.

Ask your desktop administrator if this change to Java security will affect any other applications.

If our Java interface support ends, you'll still be able to run EDGEMENU through the Character interface from the console or remotely via any popular terminal emulator such as PuTTY, Anzio, etc.
Updated 2019-03-11

See Also
Get a printer-friendly version of this document

 

 

Last Updated - 2018/05/16

 

Top
MENU