I was doing system security updates and general maintenance this past weekend and noticed that our OpenFire server wasn’t using the proper certificate. So I installed our updated 2048 bit wildcard SSL cert but now when I try to access it under the Openfire Identity Certificate Store I receive the following error:
java.security.NoSuchAlgorithmException: SHA256WITHRSA AlgorithmParameters not available
I can’t see anything in my /etc/java-7-openjdk/security/java.security which I’ve attached. Anyone have any ideas?
java.security.zip (1155 Bytes)
I think I just fixed this on my installation by getting rid of this argument I had added to my JVM startup a while ago: -Dcom.sun.net.ssl.enableECC=false
So I was hitting this today. I found that restarting Openfire would ‘heal’ this problem and Openfire would not emit that error anymore when viewing the cert. Tagging @Guus der Kinderen for his comments on that aspect.
For @Chris Chiappa, where did you have that JVM startup argument set? I think that simply restarting is all that’s necessary. I think the enableECC setting is not related to the issue at hand.
I’m pretty sure I had restarted the serve a couple of times to no effect, but you’re right that enableECC does seem like a red herring here. I’m running on Debian, so I had that set in DAEMON_OPTS in /etc/default/openfire:
DAEMON_OPTS="-Dcom.sun.net.ssl.enableECC=false -Xms256m -Xmx512m"
OF-1101 java.security.NoSuchAlgorithmException: SHA256WITHRSA AlgorithmParameters not available - Jive Software Open S… is now filed.
I just verified that re-adding enableECC=false did not reintroduce the problem (although with the caveat that the code I’m running with is now closer to the development tip than the 4.0.1 release)