Forum Discussion

cbrzana's avatar
cbrzana
Occasional Contributor
9 years ago
Solved

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not

I am unable to get any request to pass that requires a cert. The error I see is:

 

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

 

Based on information found elsewhere, I tried commenting out the line:

#jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

 

from the \jre\lib\security directory of the java instance used by Ready API. I am seeing this in multiple versions of ReadyAPI, including the latest 1.5.0-m SNAPSHOT build.

 

I also have SoapUI Pro 5.1.2 installed on the same machine and do not have this same issue.

  • cbrzana's avatar
    cbrzana
    9 years ago

    Working with SmartBear support, they were able to help identify the issue. Here are the details in the event anybody else runs into this in the future:

     

    Starting with Ready API 1.4 they began using Java 1.8 which uses TLS 1.2 as default (as opposed to 1.1 which java 1.7 uses). Adding "-Dsoapui.sslcontext.algorithm=TLSv1" to the ReadyAPI.vmoptions file plus commenting out  "jdk.certpath.disabledAlgorithms" line in java security fixes the issue we were having with certs.

2 Replies

Sort By
    • cbrzana's avatar
      cbrzana
      Occasional Contributor
      9 years ago

      Working with SmartBear support, they were able to help identify the issue. Here are the details in the event anybody else runs into this in the future:

       

      Starting with Ready API 1.4 they began using Java 1.8 which uses TLS 1.2 as default (as opposed to 1.1 which java 1.7 uses). Adding "-Dsoapui.sslcontext.algorithm=TLSv1" to the ReadyAPI.vmoptions file plus commenting out  "jdk.certpath.disabledAlgorithms" line in java security fixes the issue we were having with certs.