0

我最近升级到 Java 1.7 补丁 40。之后,当我尝试访问 introscope 时,我收到以下错误:“无法验证证书。应用程序将不会被执行”。堆栈跟踪是:

sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: algorithm constraints check failed
at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertPathValidatorException: algorithm constraints check failed
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
at java.security.cert.CertPathValidator.validate(Unknown Source)
... 21 more

我使用的内窥镜版本是 8.2.2。有没有办法将 introscope 配置为与 JRE 7 一起使用?我可以考虑哪些解决方案?为什么 introscope 不能与 JRE 7 一起使用?

谢谢你的帮助。

4

2 回答 2

1

我在 CA 论坛上找到了这个答案,(但该页面不再可用......):

http://docs.oracle.com/javase/7/docs/technotes/guides/security/certpath/CertPathProgGuide.html#AppB ---摘自上述链接---从JDK 7u40版本开始,jdk的默认值.certpath.disabledAlgorithms 如下: jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 这意味着不会使用涉及MD2的签名算法来验证证书。并且限制使用长度小于 1024 位的 RSA 密钥大小的证书。---摘自以上链接---

java.security 文件位于客户端计算机的 Java/JRE 安装目录 (jre/lib/security/java.security) 中。
在 Java 1.7.0_40 中,java.security 默认具有以下设置:

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

将 1024 更改为 256 将解决此问题。

于 2013-11-26T13:51:56.517 回答
0

运行 Java 的 ContolPanel 并减少您的安全设置。警告——此设置适用于所有小程序和 Java Web Start (jnlp) 应用程序。

于 2013-11-14T21:10:22.117 回答