Tried to login to one of my server that requires Java and immediately got this error:
Unsigned application requesting unrestricted access to system. The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned
After some research on Google I found that the root cause was
JAR files signed with MD5 algorithms. Apparently Java/Oracle decided to play smart suddenly and now they are treating JAR files signed with keySize less than <1024 as unsigned JARs. Read more here.
Fixing Unsigned application requesting
You can fix this by simply commening out
jdk.jar.disabledAlgorithms in the file of
- In my Windows it’s located at:
C:\Program Files (x86)\Java\jre7\lib\security\java.security
- In MacOS it’s located at
- In Linux? – readers please comment below
I simply edited the file and added a hash
# in front of the line below, save and run the
JNLP File again and it worked.
# jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
In some cases you may need to clear browser cache and Java Temporary files. Browser cache is normal, just delete everything including history form the beginning of time, all cookies, downloaded applications etc. For Java Temporary files do it from
Control Panel >
Now you can argue if this is secured? Duh, no … but when you’re about to make a change and there’s no alternative, then this is a quick and dirty fix. An alternative might be changing it to <128 Keysize or something else instead of commenting it out. Use your judgement i.e.
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 128