Default X.509 Certificates Have Longer Key Length

Opening a Java application fails with the following error (Failed to validate certificate):

 


 

 

Starting with Java 7u40, the use of X.509 certificates with RSA keys less than 1024 bits in length is restricted. The restriction is applied through the Java Security property jdk.certpath.disabledAlgorithms, whose default value is now:

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

To avoid the compatibility issue, users of X.509 certificates with RSA keys less than 1024 bits are recommended to update their certificates with stronger keys. As a workaround, and at their own risk, users can permit smaller key sizes by adjusting the security property jdk.certpath.disabledAlgorithms.

 

Open the java.security file, which is located in the lib\security folder of your client machine's Java/JRE installation directory (e.g. C:\Program Files (x86)\Java\jre7\lib\security).

Look for this line:

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

Change 1024 to 256 and save.

Now you can open the Java application.

 

It looks like every Java update resets this parameter to 1024, so you need to change it back to 256 each time you upgrade Java.
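Because the workaround lowers a security default and each Java update silently restores it, it helps to know which machines currently run with the weakened value. The following Python script is an added example, not part of the original post: it reads a java.security file (or a constructed sample when no path is given) and reports whether jdk.certpath.disabledAlgorithms is weaker than the 7u40 default. The function names and sample strings are assumptions made for illustration.

```python
import re
import sys

PROP = "jdk.certpath.disabledAlgorithms"

# Constructed samples: the file after the workaround, and the 7u40 default
# written with a backslash line continuation.
WEAKENED = "# constructed sample\njdk.certpath.disabledAlgorithms=MD2, RSA keySize < 256\n"
DEFAULT = "jdk.certpath.disabledAlgorithms=MD2, \\\n    RSA keySize < 1024\n"


def read_property(text, name):
    """Return a property's value, joining continuation lines; last definition wins."""
    value = None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        while line.endswith("\\"):
            line = line[:-1] + next(lines, "").strip()
        key, sep, val = line.partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value


def audit(text, min_bits=1024):
    """Return findings; an empty list means the 7u40 default is met or exceeded."""
    value = read_property(text, PROP)
    if value is None:
        return [PROP + " is not set"]
    entries = [e.strip() for e in value.split(",") if e.strip()]
    findings = [] if "MD2" in entries else ["MD2 is not disabled"]
    accepted = []  # smallest RSA key size each "<" or "<=" constraint lets through
    for entry in entries:
        m = re.fullmatch(r"RSA\s+keySize\s*(<=?)\s*(\d+)", entry)
        if m:
            accepted.append(int(m.group(2)) + (m.group(1) == "<="))
    if not accepted:
        findings.append("no RSA keySize restriction")
    elif max(accepted) < min_bits:
        findings.append(f"RSA keys from {max(accepted)} bits are accepted; "
                        f"default rejects keys under {min_bits} bits")
    return findings


if __name__ == "__main__":
    # With no argument, audit the constructed weakened sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAKENED
    for finding in audit(text) or ["OK"]:
        print(finding)
```

Run it with the path to a java.security file as the only argument; an "OK" result after a Java update confirms the default has been restored.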
