error.sun.security.validator.validatorexception: Certificate signature algorithm disabled

Question

In the recent Java update of 1.8.0_151, I am starting to get an exception when I use a library that let's you push documents to Google Drive

error.sun.security.validator.validatorexception: Certificate signature algorithm disabled

Regardless of the code used to produce it, what does this exception mean? Did anyone face it and know a work around for it? It never happened in any previous Java version

Thanks

Answer 1

It would help to have the stacktrace but probably you skipped 14x and the code is using HTTPS or other TLS to some Google (or perhaps other?) server with a SHA1-signed cert in its chain, because 141 up disable such certs if default trusted which Google is; see http://www.oracle.com/technetwork/java/javase/8u141-relnotes-3720385.html#NewFeature . Incidentally 151 was 3 months ago and 141 5 months ago -- and SHA1 certs for public TLS have been officially prohibited for almost 3 years and SHA1 was actually broken for collision almost a year ago.

If that is indeed the problem, you can work around it by editing jdk.certpath.disabledAlgorithms in JRE/lib/security/java.security to remove this item, but it's probably a better solution to look for a server that uses an up-to-date certificate chain. If the library doesn't expose what server(s) it's talking to when this occurs, you could turn on tracing per JSSERefGuide (although this produces a lot of cruft to sort through) or depending on platform and environment (which you didn't identify) you may have other network monitoring or tracing tools to use.