Why is there Failed Signature Check when using update server?

Article ID:115000494608
1 minute readKnowledge base


  • Signature verification fails when using an update site for Plugins. Going to an update server results in the error None of the tool installer metadata passed the signature check


  • CloudBees Jenkins Operations Center


In JDK 1.8.65 some older encryption algorithms are disabled, which causes this behavior. There are two options for workaround:

Suppress the signature verification check by adding the following Java option



Modify your JDK security policy to admit insecure encryption algorithms by replacing jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 with jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 512 in the file $JRE_HOME/lib/securityjava.security