Administer > System security > Secure Sockets Layer (SSL) encryption and server certificates > Re-enable the acceptance of a Java certificate algorithm

Re-enable the acceptance of a Java certificate algorithm

The Service Manager server does not accept Java certificates that are generated by using certain "weak" algorithms. If you used these algorithms to generate your Java certificates, you must regenerate them by using a more complex algorithm, such as RSA. The following is a list of algorithms that are not accepted by default:

  • MD5
  • DSA
  • 3DES_EDE
  • DES_CBC
  • DHE keySize < 1024
  • RC4
  • SSLv3
  • TLSv1
  • ECDH_anon
  • DH_anon
  • NULL
  • DH keySize < 768
  • RSA keySize < 2048

We strongly recommend that you regenerate the Java certificates by using a more complex algorithm.

However, if it is not practical to do so, you can re-enable the acceptance of an algorithm that is disabled by default. To do this, follow these steps:

  1. Open the extra.java.security file that is located in the RUN folder.

  2. Comment out or delete the contents of the file.

  3. Restart the Service Manager server.

Alternatively, you can re-enable the acceptance of specific algorithms. To do this, follow these steps:

  1. Open the extra.java.security file that is located in the RUN folder.

  2. Delete the desired algorithem from the jdk.tls.disabledAlgorithms value list.

  3. Restart the Service Manager server.