I banged my head on a wall for a while before I finally found a fix to this one. OpenJDK8 has new security features that break compatibility with the IPMI interfaces of my older servers. The problem in my case stemmed from the fact that the java applet is signed, just with an algorhythm that JDK8 blacklists. So, I had to remove MD5 from the blacklisted algorhythms to get this to work. Thanks to this site for guidance on how to do this.
Per that site, this is what I did to fix the issue:
Find the java.security
file. In my case it is located in /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security
Then find the row:
1
|
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 |
Comment it out, copy it, delete the MD5
string.
1
2
|
#jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 |
You saved my life ) Thanks a lot man!
Great!!! Thanks for your sharing~~~
Sadly, it does not solve my issue with iDRAC6 on PowerEdge 610. But thank you for sharing. It might be worth mentioning this as well: https://unix.stackexchange.com/questions/143805/running-unsigned-javaws-code
thank you
Thanks!!
Thank you Nicholas for sharing. This helped š
thank you save my day
Algorythm is my new favourite word š +1
Very helpful blog, I’ve made a similar post but recently updated mine as the java.security file is now located here in the newer versions like openjdk 11: /usr/lib/jvm/java-11-openjdk-amd64/conf/security/java.security
I was having an issue with ConnectWise. I can confirm this solved it.
And me too and still solving it.
Thx
Than you very much.
On Mint 20 the file you need to edit is
/etc/java-11-openjdk/security/java.security
fixed the problem for my old(?) G250-S88 iPMI. However, I just commented out all disable protocols.
Glad to hear it!
I had the same problem with a supermicro system and only after upgrading to an specific old version of jre, in my case this version, https://javadl.oracle.com/webapps/download/AutoDL?BundleId=249542_4d245f941845490c91360409ecffb3b4 and then I would be able to apply the solution mentioned in this forum.
Thank you! Count me in as another grateful admin who was struggling with an older IPMI setup.
Iām glad this is still useful so many years later!