Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1603
Views
0
Helpful
2
Replies

RTMT crashed after login - ERROR rtmt.control - Certificates does not conform to algorithm constraints

Ali Amir
Level 1
Level 1

‎04-04-2017 02:31 AM - edited ‎03-19-2019 12:17 PM

Hi,

I'm not able to login RTMT. As soon as I enter the username and password the jave application of RTMT will be crashed.

CUCM: 11.5.1.12900-21

I've already done follwoings:

1.

keytool -import -file <An Import of CUCM-PUB Webpage Certificate> -alias <some meaningful name> -keystore <C:\Program Files\Java\jre1.8.0_121\lib\security\cacerts>

keytool -import -file <An Import of CUCM-PUB Webpage Certificate> -alias <some meaningful name> -keystore <C:\Program Files\Cisco\Unified Rtmt\JRtmt\jre\lib\security\cacerts>

2. Check the status of disabledAlgorithms and play with different value of these. (CSCuz41194 has been checked)

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768

have you any idea?

here is the log

2017-04-01 08:11:02,111 [main] INFO  rtmt.control  - Control:: Started with Control TraceLevelStr:DebugLevel=INFO Applet TraceLevelStr: DebugLevel=FATAL
##########this.filenameconf/rtmt.xml
2017-04-01 08:11:02,173 [main] INFO  rtmt.control  - ======>Enter System
2017-04-01 08:11:02,283 [Thread-1] INFO  rtmt.control  - subpath in  getGlobalVersion is:global
2017-04-01 08:11:02,283 [Thread-1] INFO  rtmt.control  - name in  getGlobalVersion is:ServerVersion.txt
2017-04-01 08:11:02,283 [Thread-1] INFO  rtmt.control  - name in  getGlobalVersion is:ServerVersion.xml
2017-04-01 08:11:02,283 [Thread-1] INFO  rtmt.control  - urlStr in  getGlobalVersion is:/global/ServerVersion.txt
2017-04-01 08:11:02,283 [Thread-1] INFO  rtmt.control  - URL in  getGlobalVersion is:null
2017-04-01 08:11:02,283 [Thread-1] INFO  rtmt.control  - urlStr in  getGlobalVersion is:/global/ServerVersion.xml
2017-04-01 08:11:02,298 [Thread-1] INFO  rtmt.control  - URL in  getGlobalVersion is:file:/C:/Program%20Files/Cisco/Unified%20Rtmt/JRtmt/global/ServerVersion.xml
2017-04-01 08:11:02,314 [Thread-1] INFO  rtmt.control  - isHttp is : false
2017-04-01 08:11:02,314 [Thread-1] INFO  rtmt.control  - Entered fetchVersion, url=file:/C:/Program%20Files/Cisco/Unified%20Rtmt/JRtmt/global/ServerVersion.xml
2017-04-01 08:11:02,314 [Thread-1] INFO  rtmt.control  - In fetchversion after openConnection for https:
2017-04-01 08:11:02,314 [Thread-1] INFO  rtmt.control  - versionStringApplet is : 001
2017-04-01 08:11:02,314 [Thread-1] INFO  rtmt.control  - versionStringControl is : 11.5
2017-04-01 08:11:02,314 [Thread-1] INFO  rtmt.control  - String returned by fetchUrl is : 11.5(001)
2017-04-01 08:11:02,314 [Thread-1] INFO  rtmt.control  - String returned by getGlobalVersion:[Ljava.lang.String;@167be7c
2017-04-01 08:11:02,329 [main] INFO  rtmt.control  - After initialising MainFrame in runRtmtMain()
2017-04-01 08:11:02,345 [main] INFO  rtmt.control  - In method doStart()
2017-04-01 08:11:02,345 [main] INFO  rtmt.control  - In startApp, calling popupAuthenticationDlg
==== user pressed ok for first dialog
2017-04-01 08:11:07,992 [main] INFO  rtmt.control  - Resolved IP address 10.10.0.10 to CUCM-PUB.customer.com
2017-04-01 08:11:08,007 [main] INFO  rtmt.control  - com.cisco.ccm.serviceability.rtmt.security.RtmtCertificateManager:[INFO]:: JavaHome: C:\Program Files\Cisco\Unified Rtmt\JRtmt\jre
2017-04-01 08:11:08,007 [main] INFO  rtmt.control  - com.cisco.ccm.serviceability.rtmt.security.RtmtCertificateManager:[INFO]:: WorkingDir: C:\Program Files\Cisco\Unified Rtmt\JRtmt
2017-04-01 08:11:08,241 [main] INFO  rtmt.control  - The trustStore name is RtmtTrustStore
2017-04-01 08:11:08,257 [main] INFO  rtmt.control  - Creating customized securesocketfactory wrapper class to disable SSLv3 Before initiating the handshake for CUCM
2017-04-01 08:11:08,537 [main] INFO  rtmt.control  - Server certificate cleared standard verification process. Hence trusted
2017-04-01 08:11:08,553 [main] ERROR rtmt.control  - Exception while initiating the handshake : java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
2017-04-01 08:11:08,584 [main] INFO  rtmt.control  - Server certificate cleared standard verification process. Hence trusted
2017-04-01 08:11:08,584 [main] ERROR rtmt.control  - [ERROR] getBannerDetails : Error getting banner details from server
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker.process_record(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        at java.net.HttpURLConnection.getResponseCode(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
        at com.cisco.ccm.serviceability.rtmt.ui.BannerDetails.getBannerDetails(Unknown Source)
        at com.cisco.ccm.serviceability.rtmt.ui.JRtmtMain.startApp(Unknown Source)
        at com.cisco.ccm.serviceability.rtmt.ui.JRtmtMain.doStart(Unknown Source)
        at com.cisco.ccm.serviceability.rtmt.ui.JRtmtMain.runRtmtMain(Unknown Source)
        at com.cisco.ccm.serviceability.rtmt.ui.JRtmtMain.main(Unknown Source)
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(Unknown Source)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
        ... 18 more
2017-04-01 08:11:16,399 [main] INFO  rtmt.control  - In method doStart(): Calling startsplash()
2017-04-01 08:11:18,442 [SplashThread] INFO  rtmt.control  - In WaitRunner Thread: Before doMeat()
2017-04-01 08:11:18,442 [SplashThread] INFO  rtmt.control  - In doMeat():before calling checkremoteVersion
2017-04-01 08:11:18,442 [SplashThread] INFO  rtmt.control  - isHttp is : true
2017-04-01 08:11:18,442 [SplashThread] INFO  rtmt.control  - Entered fetchVersion, url=https://CUCM-PUB.customer.com:8443/ast/ServerVersion.xml
2017-04-01 08:11:18,442 [SplashThread] INFO  rtmt.control  - In fetchversion urlConnection is: sun.net.www.protocol.https.DelegateHttpsURLConnection:https://CUCM-PUB.customer.com:8443/ast/ServerVersion.xml

 BASIC auth mode ...
2017-04-01 08:11:18,474 [SplashThread] INFO  rtmt.control  - Server certificate cleared standard verification process. Hence trusted
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker.process_record(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
        at com.cisco.ccm.serviceability.rtmt.utils.XmlConfig.load(Unknown Source)
        at com.cisco.ccm.serviceability.rtmt.utils.XmlConfig.<init>(Unknown Source)
        at com.cisco.ccm.serviceability.rtmt.ui.ServerVersionChecker.fetchVersionXML(Unknown Source)
        at com.cisco.ccm.serviceability.rtmt.ui.ServerVersionChecker.checkRemoteVersion(Unknown Source)
        at com.cisco.ccm.serviceability.rtmt.ui.JRtmtMain.doMeat(Unknown Source)
        at com.cisco.ccm.serviceability.rtmt.ui.JRtmtMain$SplashWindow$2.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(Unknown Source)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
        ... 19 more
2017-04-01 08:11:18,520 [SplashThread] ERROR rtmt.control  - SSLHandshakeException caught = javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
2017-04-01 08:11:18,536 [SplashThread] INFO  rtmt.control  - String returned by fetchUrl is : null
2017-04-01 08:11:18,536 [SplashThread] INFO  rtmt.control  - String returned by checkRemoteVersion:[Ljava.lang.String;@9f2c6e
2017-04-01 08:11:18,536 [SplashThread] INFO  rtmt.control  - In doMeat():versionString=null
2017-04-01 08:11:18,536 [SplashThread] INFO  rtmt.control  - SSLHandshake Exception was caught before, so NO Error message is thrown to user here.
2017-04-01 08:11:18,536 [SplashThread] INFO  rtmt.control  - ======>Exit System

2 people had this problem
Labels:
0 Helpful
2 Replies 2

jacob.dryer
Level 1
Level 1

‎10-23-2017 09:20 AM

Did you ever resolve this? I am running into the same issue.
0 Helpful

Sebastien Denoncin
Level 1
Level 1

‎09-18-2021 04:44 AM

Hello,

 

didi you solve the issue?

 

thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents