4

I am getting the following exception while invoking an HTTPS URL in SOAP UI.

java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

From the exception message I can understand it is a handshake error.

Can you help me in solving it?

3 Answers

7

After spending a lot of time trying to figure out how to get around it, the solution is simple...

JDK7 changed the default Java security settings to disable the MD2 algorithm for signing SSL certificates. BUT this can be re-enabled by editing:

%JDK_HOME%/jre/lib/security/java.security

NOTE: SOAP UI uses its own JRE, so the same needs to be commented out in the java.security file under the SOAP UI directory; for me it was in:

C:\SoapUI-5.1.3\jre\lib\security

Comment out this property:

jdk.certpath.disabledAlgorithms=MD2

#... becomes ...

#jdk.certpath.disabledAlgorithms=MD2

1 Comment

There is one at C:\Program Files\SmartBear\SoapUI-5.6.0\jre\conf\security; in our case we commented all disabledAlgorithms, not only the certpath.disabledAlgorithms ones
0

On Linux the file path mentioned in Kishore Tulsiani's answer is this:

/opt/SmartBear/SoapUI-X.X.X/jre/lib/security/java.security

1 Comment

I have SOAPUI 5.6.0. To resolve this, I commented out all "disabledAlgorithms" in the java.security file.
0

I also faced this issue while doing my local testing and did the following to resolve it.

To resolve this "Certificates do not conform to algorithm constraints" issue in SOAP UI, disable all "disabledAlgorithms" in the java.security file. There are many places where disabledAlgorithms could be found in an enabled state, so make sure to disable them in all places by searching for the text in the file.

If your SoapUI has an inbuilt JRE (it means you have installed it by running the SoapUI exe downloaded from the SoapUI URL), then the java.security file will be found in the %SoapUI-5.6.0%\jre\conf\security\ path.

If your SoapUI installation folder is missing the jre folder, it means you have downloaded the SoapUI-..*-windows-bin.zip version. In this case, ensure your Windows environment path has %JAVA_HOME%\bin configured from your local JDK. Also look for the java.security file in your %JAVA_HOME%\jre\lib\security\ path. Edit this java.security file and disable all "disabledAlgorithms" in it. There are many places where disabledAlgorithms could be found in an enabled state, so make sure to disable them in all places by searching for the text in the file.

Whatever the case, after making changes in the java.security file, restart your SoapUI and then fire your SOAP request at the endpoint.

Note: This is just for skipping/avoiding certificate issues for local testing and is never a replacement for production.

SoapUI installers can be downloaded from https://www.soapui.org/. Older versions of SoapUI can be found at https://www.soapui.org/downloads/soapui/soapui-os-older-versions/
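Since the answers above involve commenting out `disabledAlgorithms` entries in one or more java.security copies, the following sketch reports which of those properties are no longer active in a given file, so they can be restored after local testing. It is an added example, not part of any answer or of SoapUI; the function names and the sample text are constructed for illustration.

```python
import re

# Matches an active or '#'-commented "<name>.disabledAlgorithms=<value>" line.
PROP_RE = re.compile(r"^\s*(#*)\s*([\w.]+\.disabledAlgorithms)\s*[=:]\s*(.*)$")

def logical_lines(text):
    """Join backslash-continued lines; comment lines are never continued."""
    pending = None
    for raw in text.splitlines():
        line = raw if pending is None else pending + raw.lstrip()
        pending = None
        is_comment = line.lstrip().startswith(("#", "!"))
        trailing = len(line) - len(line.rstrip("\\"))
        if not is_comment and trailing % 2 == 1:
            pending = line[:-1]          # drop the continuation backslash
            continue
        yield line
    if pending is not None:
        yield pending

def audit(text):
    """Map each *.disabledAlgorithms property to its state and value."""
    report = {}
    for line in logical_lines(text):
        m = PROP_RE.match(line)
        if not m:
            continue
        hashes, name, value = m.groups()
        algs = [a.strip() for a in value.split(",") if a.strip()]
        entry = report.setdefault(name, {"active": False, "algorithms": []})
        if not hashes:                   # an active definition wins
            entry.update(active=True, algorithms=algs)
        elif not entry["active"]:        # remember what was commented out
            entry["algorithms"] = algs
    return report

def weakened(report):
    """Names of properties that only exist in commented-out form."""
    return sorted(n for n, e in report.items() if not e["active"])

# Constructed sample text, not copied from a real java.security file.
SAMPLE = r"""
#jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, \
    DH keySize < 1024
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
"""

if __name__ == "__main__":
    print(weakened(audit(SAMPLE)))
```

To check a real installation, pass the contents of each java.security copy mentioned above to `audit()`; any name returned by `weakened()` is a constraint that is currently switched off in that JRE.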
