CLI, OS

Fix icedtea Cannot grant permissions to unsigned jars error

January 1, 2018 nicholas 17 Comments

I banged my head on a wall for a while before I finally found a fix to this one. OpenJDK8 has new security features that break compatibility with the IPMI interfaces of my older servers. The problem in my case stemmed from the fact that the java applet is signed, just with an algorhythm that JDK8 blacklists. So, I had to remove MD5 from the blacklisted algorhythms to get this to work. Thanks to this site for guidance on how to do this.

Per that site, this is what I did to fix the issue:

Find the java.security file. In my case it is located in /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security

Then find the row:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

Comment it out, copy it, delete the MD5 string.

#jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024

17 thoughts on “Fix icedtea Cannot grant permissions to unsigned jars error”

Cnekmp says:

April 4, 2019 at 11:12 pm

You saved my life ) Thanks a lot man!

Reply
CNSu says:

June 17, 2020 at 2:00 am

Great!!! Thanks for your sharing~~~

Reply
Mat says:

November 26, 2020 at 11:51 am

Sadly, it does not solve my issue with iDRAC6 on PowerEdge 610. But thank you for sharing. It might be worth mentioning this as well: https://unix.stackexchange.com/questions/143805/running-unsigned-javaws-code

Reply
manoj says:

April 28, 2021 at 11:17 pm

thank you

Reply
Yuri says:

September 20, 2021 at 5:26 pm

Thanks!!

Reply
Ashish says:

November 7, 2021 at 8:26 am

Thank you Nicholas for sharing. This helped 🙂

Reply
Hafiz says:

December 9, 2021 at 12:22 am

thank you save my day

Reply
Oscar says:

December 20, 2021 at 6:03 am

Algorythm is my new favourite word 🙂 +1

Reply
rtt says:

September 28, 2022 at 6:22 pm

Very helpful blog, I’ve made a similar post but recently updated mine as the java.security file is now located here in the newer versions like openjdk 11: /usr/lib/jvm/java-11-openjdk-amd64/conf/security/java.security

Reply
1. Charlotte says:
  
  November 11, 2022 at 7:25 am
  
  I was having an issue with ConnectWise. I can confirm this solved it.
  
  Reply
Fred says:

November 18, 2022 at 4:11 pm

And me too and still solving it.
Thx

Reply
SAB says:

May 24, 2023 at 12:06 pm

Than you very much.

On Mint 20 the file you need to edit is

/etc/java-11-openjdk/security/java.security

Reply
Alex says:

March 23, 2024 at 10:13 am

fixed the problem for my old(?) G250-S88 iPMI. However, I just commented out all disable protocols.

Reply
1. nicholas says:
  
  March 23, 2024 at 10:34 am
  
  Glad to hear it!
  
  Reply
candepora77 says:

April 2, 2024 at 7:04 am

I had the same problem with a supermicro system and only after upgrading to an specific old version of jre, in my case this version, https://javadl.oracle.com/webapps/download/AutoDL?BundleId=249542_4d245f941845490c91360409ecffb3b4 and then I would be able to apply the solution mentioned in this forum.

Reply
phredd groves says:

April 22, 2024 at 6:33 pm

Thank you! Count me in as another grateful admin who was struggling with an older IPMI setup.

Reply
1. nicholas says:
  
  April 22, 2024 at 6:51 pm
  
  I’m glad this is still useful so many years later!
  
  Reply

Technicus

Fix icedtea Cannot grant permissions to unsigned jars error

17 thoughts on “Fix icedtea Cannot grant permissions to unsigned jars error”

Leave a Reply Cancel reply

Nick's technical musings