Problem

I have some older Asus boards with an iKVM available as they are used as servers and support remote power management and console. I never had any issues running the remote console java application using my arch linux installation using the package icedtea-web. I just got the normal warnings about starting an untrusted application which is what I expect in this situation.

Suddenly, the kvm application did not start anymore and provided me an error message like the following one: jnlp.LaunchException: Fatal: Application Error: Cannot grant permissions to unsigned jars..

The main problem with this message is, that it does not tell you the real truth. The jviewer.jlnp I have is signed but using an older algorithms. While first looking for a solution to run unsigned jars, I was not successful. When I realized my error, it was quite easy to find a solution to that. The real issue was to combine the error with the real problem of a disabled algorithm instead of a missing signature.

Solution

First a word of WARNING: Activating old and unsecure algorithms have an impact on the general security of your runtime configuration. If you rarely use older jlnp-files, just switch the settings during the time you need to run them and revert to the original when finished.

The solution to this problem is quite easy. Just edit the java.security file of your java runtime installation as root.

nano /etc/java11-openjdk/security/java.security

Next locate the line starting with jdk.jar.disabledAlgorithms and comment it out. Insert jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 after that to reactivate the algorithms.

#jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
#      DSA keySize < 1024
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024

Now I am able to start my remote KVM without any issues again. This makes server administration a lot easier.