Why is there Failed Signature Check when using update server?

Issue

  • Signature verification fails when using an update site for Plugins. Going to an update server results in the error None of the tool installer metadata passed the signature check

Environment

  • CloudBees Jenkins Operations Center

Resolution

In JDK 1.8.65 some older encryption algorithms are disabled, which causes this behavior. There are two options for workaround:

Surpress the signature verification check by adding the following Java option

-Dhudson.model.DownloadService.noSignatureCheck=true

or

Modify your JDK security policy to admit unsecure encryption algorithms by replacing jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 with jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 512 in the file $JRE_HOME/lib/securityjava.security

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.