Table of Contents

Sun - Java

Oracle Java SE Support Roadmap
Java.com - How do I arrange a silent (unattended) Java installation?

Blogposts/Articles

Panda's Blog - Disable Java Auto Update through GPO describes how you can set EnableJavaUpdate DWORD in the registry below HKLM\SOFTWARE\JavaSoft\Java Update\Policy to 0 via GPO.

Sun Java 1.6.0_19 and higher is causing a security warning for WebSphere/Rational Host On-Demand clients
Oracle Java SE Documentation - Mixing Signed and Unsigned Code Ensuring Application and Applet Security

Troubleshooting

Error: 25099 during Java installation (file in use)

Algorithm constraints check failed: MD5withRSA

Tested with Java Runtime 1.8 update 77.

When starting a Java applet, in this case a Supermicro remote IPMI console, you are greeted with the message:

“Failed to validate certificate. The application will not be executed.”

Clicking on More Information… shows:

“PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA”

In other words: Java 1.8 update 77 is set to no longer allow certificate with an MD5 signature.

To work around this:

  1. Open <java install location>\lib\security\java.security in an (elevated) text editor.
    1. In this case: C:\Program Files (x86)\Java\jre1.8.0_77\lib\security\java.security
  2. Find the following line:
    jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
  3. Prefix it with a # so it looks like this:
    #jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
  4. Add the following line below the previous line to allow the use of MD5 certificates:
    jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
  5. Restart the browser and try accessing the Java application again, if no further Java constraints are met it should now work.

Source: CA Communities - TECH TIP: "Failed to validate certificate" error on launching Live Health with Java 1.7u40 and later