Table of Contents
Sun - Java
Blogposts/Articles
Panda's Blog - Disable Java Auto Update through GPO describes how you can set EnableJavaUpdate DWORD in the registry below HKLM\SOFTWARE\JavaSoft\Java Update\Policy to 0 via GPO.
Sun Java 1.6.0_19 and higher is causing a security warning for WebSphere/Rational Host On-Demand clients
Oracle Java SE Documentation - Mixing Signed and Unsigned Code Ensuring Application and Applet Security
Troubleshooting
Error: 25099 during Java installation (file in use)
Algorithm constraints check failed: MD5withRSA
Tested with Java Runtime 1.8 update 77.
When starting a Java applet, in this case a Supermicro remote IPMI console, you are greeted with the message:
“Failed to validate certificate. The application will not be executed.”
Clicking on More Information… shows:
“PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA”
In other words: Java 1.8 update 77 is set to no longer allow certificate with an MD5 signature.
To work around this:
- Open <java install location>\lib\security\java.security in an (elevated) text editor.
- In this case: C:\Program Files (x86)\Java\jre1.8.0_77\lib\security\java.security
- Find the following line:
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
- Prefix it with a # so it looks like this:
#jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
- Add the following line below the previous line to allow the use of MD5 certificates:
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
- Restart the browser and try accessing the Java application again, if no further Java constraints are met it should now work.