Java SE (Java Platform, Standard Edition)

Another "MD2withRSA is disabled" question/problem

888343 Sep 15 2011 — edited Sep 20 2011
So I've been reading why this is an issue with the newer JREs. However, in my case, I have jars with both types of certificates in the chain. For example:

Certificate[1]:
Owner: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Serial number: 70bae41d10d92934b638ca7b03ccbabf
Valid from: Sun Jan 28 16:00:00 PST 1996 until: Tue Aug 01 16:59:59 PDT 2028
Certificate fingerprints:
MD5: 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
SHA1: 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
Signature algorithm name: MD2withRSA
Version: 1

Certificate[2]:
Owner: CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Serial number: 4191a15a3978dfcf496566381d4c75c2
Valid from: Thu Jul 15 17:00:00 PDT 2004 until: Tue Jul 15 16:59:59 PDT 2014
Certificate fingerprints:
MD5: 63:FE:60:C5:5A:44:AF:8E:E2:11:5A:27:62:2A:B0:7C
SHA1: 19:7A:4A:EB:DB:25:F0:17:00:79:BB:8C:73:CB:2D:65:5E:00:18:A4
Signature algorithm name: SHA1withRSA
Version: 3

I'm getting the following warning:
The publisher cannot be verified by a trusted source. Code will be treated as unsigned.

Name: appletPlugin
sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: algorithm check failed: MD2withRSA is disabled

What is the expected behavior? Can't it go through the chain and look for the SHA1withRSA certificate (e.g. the 2nd cert in my sample)? What needs to be done? Does the first cert need to be removed?

I'm not sure I understand the problem fully, but is it possible that I'm still seeing this bug:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6948803

However, based on the bug report, it should be fixed in u21, but I've also tried u27 with the same results.

Anyone have any ideas?? PLEASE???

Edited by: user13285421 on Sep 20, 2011 12:48 PM
Locked on Oct 18 2011
Added on Sep 15 2011
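
An added example, not part of the original post or of the JDK: a small Python script that parses keytool-style output like the listing in the post and reports which chain entries are signed with a disabled digest, and whether each one is self-issued (Owner equals Issuer). The function names and the default deny list containing only MD2 are assumptions for illustration.

```python
import re

# Constructed sample: the two keytool entries quoted in the post, reduced to
# the fields this script reads.
SAMPLE = '''Certificate[1]:
Owner: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature algorithm name: MD2withRSA

Certificate[2]:
Owner: CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature algorithm name: SHA1withRSA
'''

# keytool field label -> key used in the parsed record
FIELDS = {"Owner": "owner", "Issuer": "issuer",
          "Signature algorithm name": "sig_alg"}

def parse_chain(text):
    """Split keytool output into one dict per 'Certificate[n]:' entry."""
    chain, current = [], None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"Certificate\[(\d+)\]:", line)
        if header:
            current = {"index": int(header.group(1))}
            chain.append(current)
            continue
        key, sep, value = line.partition(": ")
        if current is not None and sep and key in FIELDS:
            current[FIELDS[key]] = value.strip()
    return chain

def audit(chain, disabled_digests=("MD2",)):
    """Return (index, sig_alg, self_issued) for entries signed with a disabled digest."""
    disabled = {d.lower() for d in disabled_digests}  # assumed deny list
    findings = []
    for cert in chain:
        alg = cert.get("sig_alg", "")
        digest = alg.lower().split("with")[0]  # "MD2withRSA" -> "md2"
        if digest in disabled:
            self_issued = cert.get("owner") == cert.get("issuer")
            findings.append((cert["index"], alg, self_issued))
    return findings

if __name__ == "__main__":
    for index, alg, self_issued in audit(parse_chain(SAMPLE)):
        kind = "self-issued" if self_issued else "issued by another CA"
        print(f"Certificate[{index}] uses {alg} ({kind})")
```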