When testing a mail server connection to a SendGrid mail server, I'm receiving the following error:
CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA1withRSA
When I do the same in our staging environment (which uses the same base image with the same java_home, cacerts, etc.) the connection works fine.
I've turned on SSL debugging to verbose and compared the two environments' logs. It appears that it finds the GoDaddy certs that SendGrid utilizes just fine, but when our stage environment moves on to:
"javax.net.ssl|DEBUG|01 D7|http-nio-8080-exec-18|2022-09-16 17:11:51.137 GMT|ECDHServerKeyExchange.java:524|Consuming ECDH ServerKeyExchange handshake message"
our production environment sees this:
"javax.net.ssl|ERROR|02 5A|http-nio-8080-exec-4 url: /secure/admin/VerifySmtpServerConnection!update.jspa; user: email@example.com|2022-09-16 21:15:31.274 GMT|TransportContext.java:345|Fatal (UNSUPPORTED_CERTIFICATE): Certificates do not conform to algorithm constraints"
This error started occurring for us when I switched our TLS cert (utilized for our Jira environment) from using IBM Cloud Certificate Manager to Secret Manager (due to Cert Manager being deprecated). The process involved exporting the cert from Cert Manager and importing it to Secret Manager (giving it the key and both .pem files for cert/intermediate). Again, no issues when we did this in stage the day prior.
According to everything I've seen from searching the error, we would need to update the disabledAlgorithms in java.security, which we attempted and it did not resolve our issue.
Any insights would be greatly appreciated!
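
A diagnostic for the comparison described in the post, added here as an example and not code from the poster or from any product named above: it prints the JVM's effective algorithm constraints and, given a PEM chain file as an optional argument, the signature algorithm of each certificate in it. The class name CertAlgDiag is hypothetical; it assumes the program is started with the same JVM and the same -D options as the application in each environment.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added diagnostic (hypothetical class name). Run once per environment
// and diff the two outputs.
public class CertAlgDiag {
    public static void main(String[] args) throws Exception {
        // Which JVM, and which override file (if any), is really in use.
        System.out.println("java.home    = " + System.getProperty("java.home"));
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.security.properties = "
                + System.getProperty("java.security.properties"));

        // Effective values as the running JVM sees them, after java.security
        // and any override file have been merged.
        for (String p : new String[] {"jdk.certpath.disabledAlgorithms",
                                      "jdk.tls.disabledAlgorithms"}) {
            System.out.println(p + " = " + Security.getProperty(p));
        }

        // Optional argument: path to a PEM file holding the chain to inspect.
        if (args.length == 0) {
            return;
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(args[0])) {
            for (Certificate c : cf.generateCertificates(in)) {
                X509Certificate x = (X509Certificate) c;
                // Self-issued usually means a root; a trust anchor's own
                // signature is not validated during path checking.
                boolean selfIssued = x.getSubjectX500Principal()
                        .equals(x.getIssuerX500Principal());
                boolean sha1 = x.getSigAlgName().toUpperCase().startsWith("SHA1");
                System.out.println(x.getSubjectX500Principal().getName());
                System.out.println("  sigAlg=" + x.getSigAlgName()
                        + " selfIssued=" + selfIssued
                        + (sha1 ? "  <-- SHA-1 signature" : ""));
            }
        }
    }
}
```

A SHA-1 signature flagged on a certificate that is not self-issued is the kind of entry the "Algorithm constraints check failed" message refers to.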