JBoss EAP datasource connection throws "Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=SSL_Self_Signed_Fallback."

Solution Verified - Updated -

Issue

  • Issues connecting to server using RSA 1024 bit certificate after upgrading to RHEL 8.
  • Getting the following error

    Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1236)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1158)
            ...
        ... 34 more
    Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=example.  Usage was tls server
        at sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:817)
        at sun.security.util.DisabledAlgorithmConstraints$Constraints.permits(DisabledAlgorithmConstraints.java:419)
        ...
    

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP) 7
  • Red Hat Enterprise Linux (RHEL) 8
  • OpenJDK from RHEL packages

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In