Product: Strausphere Fit/UX
Product Version: 5.x
Expires on: 365 days from publish date
Updated: November 4, 2014
Problem: AD import or VM Directory (vCenter) Import returns error "Certificates does not conform to algorithm constraints"
Symptoms: You see an error like the following when attempting AD or VM Directory import:
Remote exception; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
Cause: Stratusphere Hub requires RSA security key size of at least 1024 bits. If the AD server or vCenter does not have the required key size, it will return the error above.
Follow the steps below to remove the settings in the configurations.
- Logon to Stratusphere Hub as friend then switch to root (procedure similar to this: https://liquidwarelabs.zendesk.com/hc/en-us/articles/200962508-How-do-I-Remote-Access-Stratusphere-Appliance-Console-)
- Run the following commands:
cp /usr/java/latest/jre/lib/security/java.security /usr/java/latest/jre/lib/security/java.security.orig;
sed -i 's/, RSA keySize < 1024//g' /usr/java/latest/jre/lib/security/java.security;
Machine then will go down for a reboot. After reboot, run the import again. It will now accept a smaller RSA key.
This changes may be reverted after an upgrade. Repeat the process if the issue returns.