Forum Discussion

cbrzana's avatar
cbrzana
Occasional Contributor
9 years ago

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not

I am unable to get any request to pass that requires a cert. The error I see is:

 

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

 

Based on information found elsewhere, I tried commenting out the line:

#jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

 

from the \jre\lib\security directory of the java instance used by Ready API. I am seeing this in multiple versions of ReadyAPI, including the latest 1.5.0-m SNAPSHOT build.

 

I also have SoapUI Pro 5.1.2 installed on the same machine and do not have this same issue.

  • cbrzana's avatar
    cbrzana
    9 years ago

    Working with SmartBear support, they were able to help identify the issue. Here are the details in the event anybody else runs into this in the future:

     

    Starting with Ready API 1.4 they began using Java 1.8 which uses TLS 1.2 as default (as opposed to 1.1 which java 1.7 uses). Adding "-Dsoapui.sslcontext.algorithm=TLSv1" to the ReadyAPI.vmoptions file plus commenting out  "jdk.certpath.disabledAlgorithms" line in java security fixes the issue we were having with certs.

    • cbrzana's avatar
      cbrzana
      Occasional Contributor

      Working with SmartBear support, they were able to help identify the issue. Here are the details in the event anybody else runs into this in the future:

       

      Starting with Ready API 1.4 they began using Java 1.8 which uses TLS 1.2 as default (as opposed to 1.1 which java 1.7 uses). Adding "-Dsoapui.sslcontext.algorithm=TLSv1" to the ReadyAPI.vmoptions file plus commenting out  "jdk.certpath.disabledAlgorithms" line in java security fixes the issue we were having with certs.