OES11g - Getting MD5withRSA failure during Java SM creation (Doc ID 1641135.1)

Last updated on JULY 17, 2017

Applies to:

Oracle Entitlements Server - Version 11.1.2.1.0 to 11.1.2.3.0 [Release 11g]
Information in this document applies to any platform.

Symptoms

Using Java 7, create a Java SM and get the Algorithm constraints check failed: MD5withRSA exception, as follow

$export JAVA_HOME=/oes11gr22/JAVA/jdk1.7.0_40/
$./config.sh -smConfigId Sample-SM -prpFileName /oes11gr22/OES_SM/oessm/SMConfigTool/smconfig.java.controlled.prp
Configuring for Controlled Policy Distribution Mode
Security Module configuration is created at: /oes11gr22/OES_SM/oes_sm_instances/Sample-SM
Enter password for key stores:
Enter password for key stores again:
Passwords are saved in credential store.
Keystores are initialized successfully.
Please enter a value for OES Admin Server User name:weblogic
Please enter a value for OES Admin Server Password:
Please re-enter a value for OES Admin Server Password:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed:
       at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
       at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
       at java.io.OutputStream.write(OutputStream.java:75)
       at oracle.security.oes.enroll.EnrollmentClient.writeToSocket(EnrollmentClient.java:339)
       at oracle.security.oes.enroll.EnrollmentClient.enroll(EnrollmentClient.java:163)
       at oracle.security.oes.enroll.EnrollmentClient.main(EnrollmentClient.java:507)
       at oracle.security.oes.tools.EnrollmentTool.doEnroll(EnrollmentTool.java:103)
       at oracle.security.oes.tools.SMConfigTool.doEnrollment(SMConfigTool.java:1231)
       at oracle.security.oes.tools.SMConfigTool.run(SMConfigTool.java:656)
       at oracle.security.oes.tools.SMConfigTool.main(SMConfigTool.java:585)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException:
       at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350)
       at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260)
       at sun.security.validator.Validator.validate(Validator.java:260)
       at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
       at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
       at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
       ... 15 more
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA
       at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:159)
       at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:351)
       at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
       at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)
       at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)
       ... 21 more
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed:
Enrollment is not proceeded successfully.

 

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms