Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IQ Platform
Known Affected Versions:
5.4.0, 5.4.0 HF1, 5.4.0 HF2, 6.0.1, 6.0.1.1, 6.0.1.2, 6.1.0, 7.0.0, 7.0.0.1, 7.0.0.2, 7.1.0, 7.1.0.1, 7.1.0.2, 7.1.0.3, 7.1.6, 7.1.6.1, 7.1.7, 7.1.7.1, 7.1.7.2, 7.1.8, 7.1.8.1, 7.1.8.2, 7.1.8.3, 7.1.8.4, 7.1.8.5, 7.1.9, 7.1.9.7, 7.1.9.8, 7.1.9.9
Opened: Jul 25, 2018 Severity: 3-Major
Discovery fails with an error: Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1120) at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1086) at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1000)
Device fails to be discovered. Troubleshooting is difficult because the error message is not easily understandable.
This occurs while running discovery when a BIG-IP device contains a device certificate signed using md5 with RSA Encryption
On the BIG-IP, create a device certificate that does not use a stronger signature algorithm such as SHA-256. For more information on how to re-create a device certificate, see K9114: Creating a new SSL device certificate and key pair, available at https://support.f5.com/csp/article/K9114
None