Java – JNLP – Error – “Weak signature algorithm MD5withRSA”

Background

Trying to access a Java Web Application, but running into an error.

Error

The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned

Image

Body

Detail

Textual

Unsigned application requesting unrestricted access to system
The following resource is signed with a weak signature algorithm
MD5withRSA and is treated as unsigned.

http://hod/hod/WSCachedSupporter2.jar

 

 

Remediation

Outline

  1. Identify JRE
  2. Access lib\security folder
  3. Edit java.security
    • jdk.jar.disabledAlgorithms
      • Search out jdk.jar.disabledAlgorithms
      • Comment out reference to MD5

Steps

Access Control Panel Applet – Java
Access Control Panel Applet – Java – Tab – General

Access Control Panel Applet – Java – Tab – java

Access Control Panel Applet – Java – Tab – java – view – Java Runtime Environment Settings

Image

Explanation

  1. Settings
    • C:\Program Files\Java\jre1.8.0_131\bin\javaw.exe
      • Architecture :- x86_64
    • C:\Program Files (x86)\Java\jre7\bin\javaw.exe
      • Architecture :- x86
Folder :- Lib\security

Once we know the path to our JRE, we will navigate to the lib\security folder.

In our case the JRE path is C:\Program Files\Java\jre1.8.0_131.

The version number of Java is 1.8.0_131.  Major Version is 1.8.0 and minor version is 131.

Folder :- Lib\security – Files

 

Folder :- Lib\security – File – java.security

Original

Revised

Explanation
  1. Remove MD5 from the list of disabled Algorithms
  2. Data
    • Original
      • jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
    • Revised
      • # dadeniji 2017-11-3 2:34 PM
        #jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
        jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024

 

Error :- Application Blocked By Java Security – Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running

Image

Textual

Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running

Remediate

Outline

Add Applications URL to Security Exception list

  1. Access MS Windows Control Panel
  2. Launch Java Applet
  3. Within Java Control Panel
    • Access Security Tab
      • Review “Exception Site List
      • Click the “Edit Site List” button to manage the list
    • In the “Exception Site List” window
      • Click the Add button to add new sites
      • And, the Remove button to remove existing ones
      • Please note that you can not amend existing entries
        • Go ahead and a new one
        • And, remove the former

Images

Java Control Panel – Tab – Security
Java Control Panel – Tab – Security – 01

Java Control Panel – Tab – Security – 02 [ Empty Exception Site List]

Java Control Panel – Tab – Security – 03 [ Added URL ]

 

Java Control Panel – Tab – Security – 04 [ Added URL ]

 

Java Control Panel – Tab – Security – 05 [ Confirm Security Risk ]

 

Works

Now everything is working…

We have access to mainframe 3270 terminals from any browser.

Dedicated

como siempre, nothing new here…

  1. Zhaojun’s Blog
    • a quick workaround to fix the unsigned JNLP issue after Java upgraded to version 8 update 131
      Published On :- 2017-May-5th
      Link
  2. InfoPackets.com
    • Dennis Faas
      • How to Fix: Java ‘Expired or not-yet-valid Certificate’ Error
        Link

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s