Resolving Java Certificate Issues When Connecting to VMware vCenter

If you encounter the following error message when trying to connect vScope to VMware vCenter:

“VI SDK invoke exception.javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException Certificate does not conform to algorithm constraints”

This issue is due to an outdated certificate on the vCenter machine that does not meet modern security standards.

Solution: Resolving SSL Certificate Issues

It is highly recommended to update the certificate on the vCenter machine. However, if this is not possible, you can also bypass the Java security check on the vScope machine.

Solution 1: Upgrade the vCenter Certificate (Recommended)

Upgrading the certificate on the vCenter machine to a more secure version will resolve the issue and improve the overall security of your environment.

Solution 2: Bypass Java Security Check on the vScope Machine

If upgrading the vCenter certificate is not feasible, you can bypass the Java certificate algorithm constraint. Follow these steps carefully, as it involves adjusting security settings on the vScope machine:

Stop the vScope Server Service
- On the vScope machine, stop the vScope Server service to safely modify settings.
Locate and Edit the Java Security File
- Open the Java security file located at:
```
C:\Program Files\Java\jre7\lib\security\java.security
```
Disable the Outdated Algorithm Constraint
- Find the line that begins with:
```
jdk.certpath.disabledAlgorithms=MD2
```
- Comment out this line by adding a # at the beginning:
```
# jdk.certpath.disabledAlgorithms=MD2
```
Restart the vScope Server Service
- After saving changes to java.security, restart the vScope Server service.

By following either of these methods, you can resolve the SSL certificate error when connecting vScope to VMware vCenter.