One of my computers has Java 8 update 361 installed.
You need to use the AirView application (JAVA) on the UBNT bridge, but the runtime prompts:
Application blocked for security reasons
The certificate cannot be verified.
The application will not be executed.
Name: AirView
Publisher: Ubiquiti Inc.
Location: http://172.:80
The author has previously added the above address to the control panel - Java - Security - "Exception Sites" list, which can run normally on previous old Java versions.
However, since Java was updated to a certain version (it was impossible to verify the specifics), the problem of "unable to verify the certificate" has occurred.
The author also tried to set several certificate revocation checks to "No check" in the Control Panel - Java - Advanced. But it still has no effect and the same error message is still reported.
Since there is a problem with the certificate, check the certificate of the JAVA application when the prompt pops up.
The certificate I found was the SHA256 algorithm. But in the certificate path, there is a parent (root) certificate using the SHA1 algorithm.
So could it be that the SHA1 algorithm is banned by JAVA?
The answer is in the C:\Program Files\Java\jre1.8.0_361\lib\security\ file.
I found a few lines:
=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
include , \
SHA1 usage SignedJAR & denyAfter 2019-01-01
I checked the Internet again, and the official statement was very clear:
JARs signed with SHA-1 algorithms are now restricted by default and treated as if they were unsigned.
Any JAR signed with SHA-1 algorithms and timestamped prior to January 01, 2019 will NOT be restricted.
Users can, at their own risk, remove these restrictions by modifying the
configuration file (or override it by using thesystem property) and removing "SHA1 usage SignedJAR & denyAfter 2019-01-01" from thesecurity property and "SHA1 denyAfter 2019-01-01" from thesecurity property.
Java™ SE Development Kit 11, 11.0.17 Release Notes
That is to say, JRE starts with a certain version (about the third quarter of 2021), and by default, it blocks the application of signed certificates using the SHA1 algorithm. But there are exceptions, that is, if the signature timestamp is earlier than January 1, 2019, it is not subject to this restriction.
Therefore, you only need to find two lines of code in the file with "denyAfter 2019-01-01" and comment it out with #.
Save the file and then run the previous java application.
Summarize
This article about JAVA "Cannot verify the certificate. The application will not be executed." This is all about this article, and more related JAVA cannot verify the certificate. If you will not execute the content of this application, please search for my previous articles or continue browsing the related articles below. I hope you will support me more in the future!