Java 9 Restriction on MD5withRSA

Problem:
You got the following error message when trying to access Java applet.

Unsigned application requesting unrestricted access to system. The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned.

Screen Shot 2017-10-30 at 5.22.09 PM

Workaround:

  1. Get java.security file in Java Applet Plugin folder.
$ cd /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/conf/security/ 
$ vim java.security
  1. Find the following lines and comment them out.
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
 RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      DSA keySize < 1024

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
    EC keySize < 224

E.g.:

#jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
# RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

#jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
#      DSA keySize < 1024

#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
#    EC keySize < 224

Bright Cluster – HA Setup

  1. Configure failover interface in 1st Head Node
  2. Register license for HA
  3. Prepare HA configuration using command
     $ cmha-setup
  4. Go to Setup menu to prepare configuration
  5. Check Clone Failover for clone instruction
  6. Power-on second head node, let it boot to PXE
  7. Select Rescue in PXE menu
  8. Login as root
  9. Start cloning by calling
     $ /cm/cm-clone-install --failover
  10. The second head node will reboot automatically once completed
  11. Back to primary head node.
  12. In cmha-setup menu, select Finalize.
  13. Verify HA status
     $ cmha status
  14. In cmha-setup menu, configure shared storage.