Problem:
With Device Server 90*10 some Konica Minolta devices are showing the error "unable to configure device because : device does not appear to have SSL enabled".
However, the same devices work on Device Server 90*09 with the same Security/SSL settings.
Cause:
This issue is related to the java.security change in Device Server 90*10.
In the device server logic trace, the following error is seen:
ConfigureDeviceJob (3634), emitter=dk.safecom.products.deviceserver.devicesupport.konicaminolta.internal.di.KonicaMinoltaConfigurationInterface, message=SSL
This appears to be broken: - com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
Resolution:
An exception needs to be added to the java.security file to allow the MD5/RSA algorithm.
Perform the following steps:
1. Stop the device server service.
2. Navigate to C:\Program Files (x86)\SafeCom\SafeCom Device Server\bin\jre\lib\security
3. Open the java.security file in Notepad or a similar application. The following line:
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
needs to be changed to (the exact value depends on the certificate used on the device):
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024, DHE, ECDHE, ECDHE_RSA, DiffieHellman
4. Comment out all lines from jdk.tls.legacyAlgorithms= \ onwards (6 lines in total).
5. Save the edited java.security file.
6. Reboot the server after making this change, as restarting the device server service alone may not be sufficient.
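Steps 3 and 4 as a scripted edit, given here as an added example and not part of the original article or of SafeCom's tooling. The function name Edit-JavaSecurityLines is hypothetical and the sample lines are constructed; the function follows the trailing-backslash continuation so the whole jdk.tls.legacyAlgorithms property is commented out, and stops if the certpath line is missing or in an unexpected shape.

```powershell
# Added example: applies steps 3 and 4 to the lines of a java.security file.
function Edit-JavaSecurityLines {
    param(
        [string[]]$Lines,
        # Replacement value from step 3; adjust it to the device certificate.
        [string]$CertPathValue = 'MD2, RSA keySize < 1024, DHE, ECDHE, ECDHE_RSA, DiffieHellman'
    )
    $out = New-Object System.Collections.Generic.List[string]
    $inLegacy = $false      # true while inside the jdk.tls.legacyAlgorithms property
    $certPathSeen = $false
    foreach ($line in $Lines) {
        if ($inLegacy -or $line -match '^\s*jdk\.tls\.legacyAlgorithms\s*=') {
            $out.Add("#$line")
            # A trailing backslash continues the property onto the next line.
            $inLegacy = $line.TrimEnd().EndsWith('\')
        }
        elseif ($line -match '^\s*jdk\.certpath\.disabledAlgorithms\s*=') {
            if ($line.TrimEnd().EndsWith('\')) {
                throw 'jdk.certpath.disabledAlgorithms spans several lines; edit it by hand.'
            }
            $out.Add("jdk.certpath.disabledAlgorithms=$CertPathValue")
            $certPathSeen = $true
        }
        else { $out.Add($line) }
    }
    if (-not $certPathSeen) { throw 'jdk.certpath.disabledAlgorithms not found; nothing changed.' }
    return $out.ToArray()
}

# Constructed sample, not a complete java.security file.
$sample = @(
    'jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024',
    'jdk.tls.disabledAlgorithms=SSLv3',
    'jdk.tls.legacyAlgorithms= \',
    '        K_NULL, C_NULL, M_NULL, \',
    '        RC4_128, RC4_40, DES_CBC, DES40_CBC'
)
Edit-JavaSecurityLines -Lines $sample

# Real use (service stopped, elevated prompt), keeping a backup beside the file:
# $f   = 'C:\Program Files (x86)\SafeCom\SafeCom Device Server\bin\jre\lib\security\java.security'
# $enc = [System.Text.Encoding]::GetEncoding(28591)   # ISO-8859-1, the .properties encoding
# Copy-Item $f "$f.bak"
# $new = Edit-JavaSecurityLines -Lines ([System.IO.File]::ReadAllLines($f, $enc))
# [System.IO.File]::WriteAllLines($f, $new, $enc)
```

Removing MD5 from jdk.certpath.disabledAlgorithms makes this JRE accept MD5-signed certificates again; the .bak copy restores the original constraints.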