3253886 - AS Java connection to application fails - CertPathValidatorException: Algorithm constraints check failed on signature algorithm

AS Java cannot reach some SAP or custom application via SSL connection.

Error is dropped on UI screen:

ERR_TUNNEL_CONNECTION_FAILED

Following exception can be experienced in defaultTrace files:

[...]
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
[...]
Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
[...]
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: <name of the algorythm>
[...]

• SAP NeTweaver Appliaction server java all versions
• SAP Java Virtual Machine all versions

SAP JVM, JVM cryptolib, JVM SSL, SSL, TLS, JVM, Java Virtual Machine , KBA , BC-JVM , SAP Java Virtual Machine , BC-JAS-SEC-CPG , Cryptography , Problem