Thursday, 2 May 2024

After Java Upgrade Cannot Access Forms (Error - java.security.cert.CertPathValidatorException: denyAfter constraint check failed: SHA1 ...)



Cannot Access Forms
(Error - java.security.cert.CertPathValidatorException:
denyAfter constraint check failed: SHA1 ... )

After JRE Upgrade to 8u351 (1.8.0_351)

The issue is caused by JARs signed with SHA-1 algorithms that are restricted by default
and treated as if they were unsigned, starting from the Oracle Java Version 8 Update 351.

Fix :
UPDATE The file - [installation_path]\server\java\jre\lib\security\java.security

Change the following from:
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
    include jdk.disabled.namedCurves, \
    SHA1 usage SignedJAR & denyAfter 2019-01-01   <<<---- SHA1

to:

jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
    include jdk.disabled.namedCurves
Change the following from:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      DSA keySize < 1024, include jdk.disabled.namedCurves, \
      SHA1 denyAfter 2019-01-01               <<<---- SHA1

to:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      DSA keySize < 1024, include jdk.disabled.namedCurves

No comments:

Post a Comment