David, one of our readers, emailed wih a question - when he tries to interact with a particular print driver, he gets a Java error:
PKIX path validation failed:
java.security.cert.CertPathValidatorException:
Algorithm constraints check failed: MD2withRSA
This error comes up because as of Java 7, MD2 hashing and any RSA hash under 1024 bits are disabled. Since this is a (very) old printer driver, the fact that it still uses MD2 is not a surprise - but what to do next?
OK - the obvious answer is to upgrade out of the problem - if the driver has an update, apply it. But how do we get to the interface given the Java situation? The answer is buried in the Java config files - - edit the file java.securty, which in Windows is found at: "C:\Program Files (x86)\Java\jre7\lib\security"
In this file, you'll find the line:
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
Edit or comment out this line, and MD2 will work for you again. But don't leave it like this - this enables all those certs with weak hashes, which leaves you open to a world of hurt. In this case, it gets you access back to the interface so you can upgrade to a newer version. If there is no newer version, it gives you access until you can upgrade the hardware or app that's causing the problem.
===============
Rob VandenBrink
Metafore