I got this Exception:
CertPathValidatorException: Algorithm constraints check failed on keysize limits: RSA 1024 bit key used with certificate:...
I think the cert (I cannot change it), which comes from a read-only DC, is using only 1024 bit encryption.
I tried to set the parameters:
-Djava.security.debug=certpath
on OPENFIRE_OPTS
and
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
jdk.tls.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
jdk.security.legacyAlgorithms=SHA1, MD5, RSA keySize < 1024, DSA keySize < 2048
in the JVM’s java.security file with no luck.
After enabling ldap.debugEnabled I can see the following line in …/logs/nohup.out:
certpath: Constraints: RSA keySize < 2048
So the problem is, I cannot connect via LDAPS to DC… LDAP without SSL works.
OS: RHEL 8.3
OF: 4.7 Master, OpenJDK 11
LDAP-Server: Windows Server 2012 R2
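
Added example, not part of the original post: a Java check that prints the constraint properties the running JVM actually loaded and reports which entries match a 1024-bit RSA key, for comparison with the "certpath: Constraints: RSA keySize < 2048" debug line above. The class name EffectiveKeySizeCheck is hypothetical, and the check assumes it is run with the same JVM and the same -D options that Openfire is started with.

```java
import java.security.Security;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added diagnostic (hypothetical class name), JDK 11: java EffectiveKeySizeCheck.java
public class EffectiveKeySizeCheck {
    // Matches the "keySize <op> <bits>" constraint form used in java.security.
    private static final Pattern KEY_SIZE =
            Pattern.compile("keySize\\s*(<=|>=|==|!=|<|>)\\s*(\\d+)");

    // True if one entry such as "RSA keySize < 2048" matches the given key.
    static boolean disables(String entry, String algorithm, int bits) {
        String[] parts = entry.trim().split("\\s+", 2);
        if (!parts[0].equalsIgnoreCase(algorithm)) {
            return false;
        }
        if (parts.length == 1) {
            return true; // bare algorithm name: matched at every key size
        }
        Matcher m = KEY_SIZE.matcher(parts[1]);
        if (!m.find()) {
            return false; // other constraint kinds (jdkCA, denyAfter, usage) are not evaluated
        }
        int limit = Integer.parseInt(m.group(2));
        switch (m.group(1)) {
            case "<":  return bits < limit;
            case "<=": return bits <= limit;
            case ">":  return bits > limit;
            case ">=": return bits >= limit;
            case "==": return bits == limit;
            default:   return bits != limit; // "!="
        }
    }

    public static void main(String[] args) {
        String[] properties = {
            "jdk.certpath.disabledAlgorithms", "jdk.tls.disabledAlgorithms",
            "jdk.jar.disabledAlgorithms", "jdk.security.legacyAlgorithms"
        };
        for (String name : properties) {
            String value = Security.getProperty(name); // value the JVM actually loaded
            System.out.println(name + " = " + value);
            if (value == null) continue;
            for (String entry : value.split(",")) {
                if (disables(entry, "RSA", 1024)) {
                    System.out.println("  -> RSA 1024 matched by: " + entry.trim());
                }
            }
        }
    }
}
```

If the printed values differ from the lines edited in java.security, the JVM is taking these properties from another source than the edited file.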