- Bug
- Resolution: Duplicate
- Critical
- None
I have applied the proposed fix from JENKINS-31089 and this is my line in `/usr/lib/jvm/java-openjdk/jre/lib/security/java.security`:
```
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
    RSA keySize < 512, DSA keySize < 1024, EC keySize < 224
```
But I'm still seeing this in the Jenkins 2.121.3 log:
```
Aug 28, 2018 3:20:15 PM hudson.model.UpdateSite updateData
SEVERE: ERROR: Signature verification failed in update site 'default' <a href='#' class='showDetails'>(show details)</a><pre style='display:none'>java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=Community Update Center, O=Jenkins Project, ST=California, C=US.<br>
    at sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:817)
```
Java:
```
$ java -version
openjdk version "1.8.0_181"
OpenJDK Runtime Environment (build 1.8.0_181-b13)
OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode)
```
Attached is `java.security` from Fedora 28; I can't spot any place where RSA 1024 is blocked.
- is related to: JENKINS-31089 Signature verification failed in update site 'default' (Resolved)
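An added example, not part of the original report and not Jenkins or OpenJDK code: a small checker that parses a `jdk.certpath.disabledAlgorithms` value and lists the entries that would reject a given key, which helps when comparing the file you edited against the value the running JVM actually evaluated. The function names and the `STRICTER` value are hypothetical; only bare algorithm names and `keySize` constraints are evaluated, and entries carrying other constraints (such as `jdkCA` or `usage`) are skipped.

```python
import operator
import re

# Constructed sample: the property line quoted in the report, with its "\" continuation.
SAMPLE = """\
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \\
    RSA keySize < 512, DSA keySize < 1024, EC keySize < 224
"""
# Constructed, hypothetical stricter value, used only for comparison.
STRICTER = "MD2, MD5, RSA keySize < 2048"

OPS = {"<": operator.lt, "<=": operator.le, "==": operator.eq,
       "!=": operator.ne, ">=": operator.ge, ">": operator.gt}
KEYSIZE = re.compile(r"keySize\s*(<=|<|==|!=|>=|>)\s*(\d+)")

def load_property(text, name):
    """Return the last value assigned to `name`, joining backslash continuations."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    value = None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() == name:
            value = val.strip()  # a later assignment in the file wins
    return value

def blocking_entries(value, algorithm, key_bits):
    """Entries of a disabledAlgorithms value that reject this key algorithm and size."""
    hits = []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        name, _, rest = entry.partition(" ")
        if name.upper() != algorithm.upper():
            continue
        if not rest.strip():
            hits.append(entry)  # bare name: algorithm disabled outright
            continue
        parsed = [KEYSIZE.fullmatch(c.strip()) for c in rest.split("&")]
        # Evaluate only entries made up purely of keySize constraints; all must hold.
        if all(parsed) and all(OPS[m.group(1)](key_bits, int(m.group(2))) for m in parsed):
            hits.append(entry)
    return hits

if __name__ == "__main__":
    posted = load_property(SAMPLE, "jdk.certpath.disabledAlgorithms")
    print("posted line rejects RSA 1024:", blocking_entries(posted, "RSA", 1024))
    print("stricter value rejects RSA 1024:", blocking_entries(STRICTER, "RSA", 1024))
```
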