Issue
-
Signature verification fails when using an update site for Plugins. Going to an update server results in the error
None of the tool installer metadata passed the signature check
Resolution
In JDK 1.8.65 some older encryption algorithms are disabled, which causes this behavior. There are two options for workaround:
Suppress the signature verification check by adding the following Java option
-Dhudson.model.DownloadService.noSignatureCheck=true
or
Modify your JDK security policy to admit insecure encryption algorithms by replacing jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 with jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 512 in the file $JRE_HOME/lib/securityjava.security
This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.