Bug ID 738272: Certificates does not conform to algorithm constraints

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IQ Platform(all modules)

Known Affected Versions:
5.4.0, 5.4.0 HF1, 5.4.0 HF2, 6.0.1,,, 6.1.0, 7.0.0,,, 7.1.0,,,, 7.1.6,, 7.1.7,,, 7.1.8,,,,,, 7.1.9,,,

Opened: Jul 25, 2018
Severity: 3-Major


Discovery fails with an error: Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1120) at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1086) at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1000)


Device fails to be discovered. Troubleshooting is difficult because the error message is not easily understandable.


This occurs while running discovery when a BIG-IP device contains a device certificate signed using md5 with RSA Encryption


On the BIG-IP, create a device certificate that does not use a stronger signature algorithm such as SHA-256. For more information on how to re-create a device certificate, see K9114: Creating a new SSL device certificate and key pair, available at https://support.f5.com/csp/article/K9114

Fix Information


Behavior Change