JBoss EAP datasource connection throws "Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=SSL_Self_Signed_Fallback."

Solution Verified - Updated -

Issue

  • Issues connecting to server using RSA 1024 bit certificate after upgrading to RHEL 8.

  • Getting the following error

    Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
    at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1236)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1158)
        ...
    ... 34 more
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=example.  Usage was tls server
    at sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:817)
    at sun.security.util.DisabledAlgorithmConstraints$Constraints.permits(DisabledAlgorithmConstraints.java:419)
    ...

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP) 7
  • Red Hat Enterprise Linux (RHEL) 8
  • OpenJDK from RHEL packages

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content