Self signed certificates for https not working on IBM AIX 7.x

lafr May 3, 2018 5:48 PM

For genearations of JBossAS / Wildfly AS we have been using self signed certificates for https access.

It's generated with this command: $JAVA_HOME/jre/bin/keytool -genkey -alias mbicert -keyalg RSA -sigalg MD5withRSA -keystore $KEYSTOREFILE -storepass $KEYSTOREPASS -dname "cn=$MACHINE" -keypass $KEYSTOREPASS -validity 9999

This still works fine on Solaris 10, Windows Server 2012R2, ... just fine, but now we encounter problems on IBM AIX 7, Java 8, Wildfly 10.

Internet Explorer and Mozilla Firefox say, that they cannot establish a (secure) connection. See (German) Firefox example below.

Anyone who can help us to solve thi issue?

1. Re: Self signed certificates for https not working on IBM AIX 7.x

mchoma May 4, 2018 2:20 AM (in response to lafr)

Explicit usage of MD5withRSA seems suspicious to me. At least looking into my jdk1.8.0_172 java.security file I see MD5 beeing disabled by default, e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA ...
Isn't java different on different systems? Running -Djavax.net.debug=all can reveal details.
1 of 1 people found this helpful
Actions
2. Re: Self signed certificates for https not working on IBM AIX 7.x

lafr May 4, 2018 5:18 PM (in response to mchoma)

Thanks Martin.

Changing the algorithm from MD5withRSA to SHA256withRSA seems to have fixed this issue.
https is working on the two IBM machines as far as I can say for now.
More tests have to follow.
Actions

Go to original post