1,问题背景
工行B2C支付,订单查询请求使用HttpURLConnection,需要将pfx文件转换成jks文件,转换后请求报错:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
2,相关文档
http://bugs.java.com/bugdatabase/view_bug.do?bug_id=7113275
3,解决方案
(1)更新jdk版本
(2)
In attempt to tighten security the Java team intentionally is disabling MD2 and RSA algorithms in latest Java releases which breaks the TiVo RPC authentication scheme. To re-enable you can edit:c:\Program Files (x86)\Java\jre7\lib\security\java.security
Then look for this line:
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
comment it out like this:#jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
最终解决方案:
按照上述方法转换的jks文件,无法通过安全验证。需要导入两个文件。