Why is there Failed Signature Check when using update server?

Article ID:115000494608
1 minute readKnowledge base

Issue

  • Signature verification fails when using an update site for Plugins. Going to an update server results in the error None of the tool installer metadata passed the signature check

Environment

  • CloudBees Jenkins Operations Center

Resolution

In JDK 1.8.65 some older encryption algorithms are disabled, which causes this behavior. There are two options for workaround:

Suppress the signature verification check by adding the following Java option

-Dhudson.model.DownloadService.noSignatureCheck=true

or

Modify your JDK security policy to admit insecure encryption algorithms by replacing jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024 with jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 512 in the file $JRE_HOME/lib/securityjava.security

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.