VisualRF and IAP lose communication after installing custom certificate in Airwave

Problem:

The VisualRF engine and all IAP devices in Airwave show a status of down after a custom certificate is installed.



Diagnostics:

VisualRF log

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.airwave.core.AbstractService.run(AbstractService.java:474)
    at java.lang.Thread.run(Unknown Source)

2018-06-15 15:47:19,597 ERROR Inventory    com.airwave.svg.AmpInventoryServiceImpl Service [Inventory] is shutting down due to the error[java.security.cert.CertificateException: Certificates does not conform to algorithm constraints]
2018-06-15 15:47:19,597 ERROR Inventory    com.airwave.svg.AmpInventoryServiceImpl run
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

 

Signed certificate details

 



Solution

 

The message "javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints" appears when the certificate uses the signature algorithm SHA1withRSA, which is flagged as WEAK.

SHA1 is not supported in the VisualRF Java file, and the same file is used for Instant too, so both went down after the certificate was installed.

 

To fix this, sign the generated CSR using SHA2 or a higher algorithm.
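A pre-install check for the condition described above, as an added example (not code from the original article or from AirWave): it reads the outer signatureAlgorithm OID from a single PEM or DER certificate and reports whether it is SHA-1 based. The function names, the OID table (not exhaustive) and the sample bytes are constructed for illustration.

```python
import base64
import re

# Signature-algorithm OIDs -> (name, is_sha1). The SHA-1 entry is the one the
# "SHA1withRSA WEAK" finding applies to; this table is illustrative, not exhaustive.
SIG_ALGS = {
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", False),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", False),
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def decode_oid(body):
    vals, cur = [], 0
    for b in body:                         # base-128 digits, high bit = "more"
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            vals.append(cur)
            cur = 0
    first = min(vals[0] // 40, 2)          # first byte packs the first two arcs
    return ".".join(map(str, [first, vals[0] - 40 * first] + vals[1:]))

def signature_algorithm(cert):
    """cert: PEM text or DER bytes. Returns (name or OID, is_sha1 or None)."""
    if isinstance(cert, str):              # strip PEM armor and whitespace
        cert = base64.b64decode(re.sub(r"-----[^-]+-----|\s", "", cert))
    tag, start, _ = read_tlv(cert, 0)              # Certificate ::= SEQUENCE
    _, _, tbs_end = read_tlv(cert, start)          # skip tbsCertificate
    _, alg_start, _ = read_tlv(cert, tbs_end)      # signatureAlgorithm
    oid_tag, oid_start, oid_end = read_tlv(cert, alg_start)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not an X.509 certificate in DER form")
    oid = decode_oid(cert[oid_start:oid_end])
    return SIG_ALGS.get(oid, (oid, None))

# Constructed skeleton (empty tbsCertificate, empty signature), not a real certificate.
SHA1_SAMPLE = bytes.fromhex("3014" "3000" "300d06092a864886f70d0101050500" "030100")
if __name__ == "__main__":
    print(signature_algorithm(SHA1_SAMPLE))
```

A result whose second element is True means the certificate should be re-issued from a CSR signed with SHA2 or higher before it is installed.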

Version history
Revision #: 2 of 2
Last update: 06-08-2019 01:20 AM