Symptom
AS Java cannot reach some SAP or custom application via SSL connection.
Error is dropped on UI screen:
ERR_TUNNEL_CONNECTION_FAILED
Following exception can be experienced in defaultTrace files:
[...]
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
[...]
Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
[...]
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: <name of the algorythm>
[...]
Read more...
Environment
- SAP NeTweaver Appliaction server java all versions
- SAP Java Virtual Machine all versions
Product
Keywords
SAP JVM, JVM cryptolib, JVM SSL, SSL, TLS, JVM, Java Virtual Machine , KBA , BC-JVM , SAP Java Virtual Machine , BC-JAS-SEC-CPG , Cryptography , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.