Certificates does not conform to algorithm constraints

最新推荐文章于 2022-05-12 14:36:20 发布
最新推荐文章于 2022-05-12 14:36:20 发布
阅读量1.2k 收藏
点赞数
分类专栏: 爬虫 遇见的异常
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/albg_boy/article/details/76557335
版权

遇见问题


    在爬取北京移动网厅时,遇见问题:

SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source)
	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
	at com.geotmt.base.common.HttpsUtil2.post(HttpsUtil2.java:102)
	at com.geotmt.base.common.HttpsUtil2.main(HttpsUtil2.java:124)
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(Unknown Source)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source)
	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
	... 15 more


解决办法:


     在网上百度一下,说是jdk6以后对于jdk.certpath.disabledAlgorithms 有加强了限制。该配置路径在jre\lib\security\java.security中,改造是将jdk.certpath.disabledAlgorithms 后面的配置删除掉。


    但是对于该jdk配置,本人因能力有限,不敢这么来。


    而是否又会有很么影响,还在探索中。。。。

# Algorithm restrictions for certification path (CertPath) processing
#
# In some environments, certain algorithms or key lengths may be undesirable
# for certification path building and validation.  For example, "MD2" is
# generally no longer considered to be a secure hash algorithm.  This section
# describes the mechanism for disabling algorithms based on algorithm name
# and/or key length.  This includes algorithms used in certificates, as well
# as revocation information such as CRLs and signed OCSP Responses.
#
# The syntax of the disabled algorithm string is described as this Java
# BNF-style:
#   DisabledAlgorithms:
#       " DisabledAlgorithm { , DisabledAlgorithm } "
#
#   DisabledAlgorithm:
#       AlgorithmName [Constraint]
#
#   AlgorithmName:
#       (see below)
#
#   Constraint:
#       KeySizeConstraint
#
#   KeySizeConstraint:
#       keySize Operator DecimalInteger
#
#   Operator:
#       <= | < | == | != | >= | >
#
#   DecimalInteger:
#       DecimalDigits
#
#   DecimalDigits:
#       DecimalDigit {DecimalDigit}
#
#   DecimalDigit: one of
#       1 2 3 4 5 6 7 8 9 0
#
# The "AlgorithmName" is the standard algorithm name of the disabled
# algorithm. See "Java Cryptography Architecture Standard Algorithm Name
# Documentation" for information about Standard Algorithm Names.  Matching
# is performed using a case-insensitive sub-element matching rule.  (For
# example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
# "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
# sub-element of the certificate algorithm name, the algorithm will be
# rejected during certification path building and validation.  For example,
# the assertion algorithm name "DSA" will disable all certificate algorithms
# that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
# will not disable algorithms related to "ECDSA".
#
# A "Constraint" provides further guidance for the algorithm being specified.
# The "KeySizeConstraint" requires a key of a valid size range if the
# "AlgorithmName" is of a key algorithm.  The "DecimalInteger" indicates the
# key size specified in number of bits.  For example, "RSA keySize <= 1024"
# indicates that any RSA key with key size less than or equal to 1024 bits
# should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates
# that any RSA key with key size less than 1024 or greater than 2048 should
# be disabled. Note that the "KeySizeConstraint" only makes sense to key
# algorithms.
#
# Note: This property is currently used by Oracle's PKIX implementation. It
# is not guaranteed to be examined and used by other implementations.
#
# Example:
#   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
#
#
jdk.certpath.disabledAlgorithms=


风少年~
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
终极解决方案:java.security.cert.CertificateException: Certificates does not conform to algorithm constrain...
weixin_34062469的博客
09-06 1756
报错信息 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints 原因:   JDK7/8后添加了安全机制,导致这个问题出现 解决方案: 方案一:  把$JAVA_HOME/jr...
Certificates does not conform to algorithm constraints 解决方案
InterestAndFun的博客
09-19 1637
中关于MD5的算法都去掉就成功了。由于我的系统接入别人的系统,证书编码格式不清除,所以只能一个个摸索。如果是自己的系统,知道域名证书的具体编码格式,那就好办多了,将编码格式移除即可。我的配置在修改之后,清除缓存生效了,但是我明白之前为什么会出现这个问题,我将配置修改回来原本的配置,清除浏览器缓存,结果又能正常访问了。然后过了一个多小时之后,问题再一次出现。证书不符合算法约束,那就是我们的jdk算法约束出现了点问题。原本好好的项目突然运行出现这个错误。
Certificates does not conform to algorithm constraints 异常的解决方法
To simple, to wonderful
10-10 9734
在运行项目,在网站上执行 HTTPS 请求时,会报如下异常:  javax.net.ssl.SSLHandshakeException:java.security.cert.CertificateException: Certificates does not conform to algorithm constraints 原因是 Java 7/8 版本增加了安全性,解决方法是 把 JAVA
HTTPS解决异常Certificates does not conform to algorithm constraints
chenyuewen1987的博客
07-08 1374
原因 在进行SSL握手时,所采用的证书算法不符合约束条件。 方案一 $JAVA_HOME/jre/lib/security/java.security 把其中的配置项: #jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize...
Certificates does not conform to algorithm
iteye_4234的博客
12-04 190
  1,问题背景   工行B2C支付,订单查询请求使用HttpURLConnection,需要将pfx文件转换成jks文件,转换后请求报错: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm co...
解決 java.security.cert.CertificateException: Certificates does not conform to algorithm constraints...
weixin_30527551的博客
12-12 683
背景:迁移服务器,每次使用20小时后报此错,重启服务器后又能用了查网,网上的解决方案都是:找到 jre/lib/security/java.security 将 jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 改为 jdk.certpath.disabledAlgorithm...
记一次线上异常:Certificates does not conform to algorithm constraints
weixin_42330402的博客
05-30 2792
在老系统突然发现了一个异常,在https的请求过程中抛出的,因为该业务使用的比较少,加上一直是在老系统中,监控做的并不到位,导致这个异常在现在跑了好久才被发现。异常信息 如下:javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to a...
matlab证书错误,HTTPS解决异常Certificates does not conform to algorithm constraints
weixin_39898150的博客
03-17 743
原因在进行SSL握手时,所采用的证书算法不符合约束条件。方案一$JAVA_HOME/jre/lib/security/java.security把其中的配置项:#jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224改成:jdk.cer...
Httpclient https请求出现Certificates does not conform 解决方法
jinwenbiao881126的博客
06-28 2867
https ssl CertificateException
Java_Certificates does not conform to algorithm constraints
weixin_33877092的博客
04-01 362
java.security.cert.CertificateException: Certificates does not conform to algorithm constraints SSL证书问题 出现此错误信息时解决办法: 找到jre路径:JDK_HOME/jre/lib/security/java.security 或JDK目录下的JRE 找到内容:jdk.certpath....
Jenkins无法连接SVN报org.tmatesoft.svn.core.SVNException: svn: E175002: SSL handshake failed:
liming19890713的专栏
09-24 6100
由于服务器升级,新搭建的Jenkins服务器在输入svn连接和账户密码后,提示Unable to access the repository。点击构建后,构建失败提示:org.tmatesoft.svn.core.SVNException: svn: E175002: SSL handshake failed: ‘Certificates do not conform to algorithm constraints’ 起初一直以为是svn插件不对,重装了几次插件后问题依旧。后来又切换了不同版本的Jenki
Eclipse的svn插件报SSL handshake,CertificateException解决方案
god_is_gril的专栏
05-12 996
eclipse svn 提交ssl错误
[Java] 绕过证书验证调 HTTPS 接口时报 “SSLHandshakeException: DHPublicKey does not comply to algorithm constrain...
weixin_34220963的博客
03-07 1571
作者: zyl910 一、缘由 最近有在对接一个无证书的HTTPS接口时,总是收到“SSLHandshakeException: DHPublicKey does not comply to algorithm constraints”异常。 通过浏览器、telnet测试了接口地址,确认了TCP层是通的。看来只是HTTPS层没通。 可是试验了好几个网上找到的“绕过证书验证调HTTPS接口”的办法,...
跳过HTTPS调用时证书SLL问题
糖糖糖糖糖糖分
04-24 1793
今天在对接一个银商的项目接口,测试环境调用,在写调用util的时候,有一些证书相关问题。 对于http换成支持https调用,网上有很多类的重写方法。就不细说了。 先把代码贴一下: (还有2个类,我稍微改下晚点补上代码~) SSLClientUtil.java package com.naka.fizzbuzz; import java.net.Socket; import jav...
CentOS7 安装配置 vsftpd
To simple, to wonderful
11-05 505
安装 vsftpdyum install -y vsftpd编辑 ftp 配置文件vi /etc/vsftpd/vsftpd.confanonymous_enable=NO #anonymous_enable=YESchroot_local_user=YES #去掉前面的注释#chroot_list_enable=YES #chroot_list_file=/etc/vsftpd/chroot_li
secret "elastic-ccs-certificates" not found
最新发布
07-30
"secret "elastic-ccs-certificates" not found" 是一个错误提示信息,出现在使用某个程序或系统时,表示无法找到名为 "elastic-ccs-certificates" 的密钥或凭证。 通常,这个错误可能有以下几个原因: 1. 密钥/凭证未正确创建:可能在创建密钥或凭证时出现了错误,比如拼写错误、格式错误等导致系统无法找到相应的密钥。 解决方法:重新创建密钥或凭证,确保输入正确,经过验证后再使用。 2. 密钥/凭证未正确存储:可能在生成密钥或凭证后未正确存储到系统中,或者存储的位置与程序或系统期望的位置不一致。 解决方法:检查密钥/凭证存储的位置和访问权限,确保程序或系统能够正确获取。 3. 密钥/凭证被删除:若密钥/凭证存在于系统中,但被人为删除了,那么程序或系统就无法再找到它。 解决方法:重新生成密钥/凭证,并确保妥善保管。 综上所述,"secret "elastic-ccs-certificates" not found" 错误通常是由于密钥/凭证的问题引起的。通过仔细检查创建、存储和访问密钥/凭证的过程,可以解决这个问题。如果问题仍然存在,可能需要进一步查看系统日志或咨询相关的技术支持人员以获取更详细的帮助。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值