Failing to import VMware VMs from vCenter
Symptom
Arcserve UDP cannot import VMware VMs from the vCenter, although the vCenter server is functional and is able to connect with both the browser and vSphere client. In ARCAPP-Gateway.log of Arcserve UDP Console server, the error message appears is as follows:
com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
But when you change the following two lines in the file “C:\Program Files\Arcserve\Unified Data Protection\Common\JRE\lib\security\java.security”, and restart the Arcserve UDP Management service, it can connect to the same vCenter server by Arcserve UDP:
Existing lines:
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
Modified Lines:
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 512
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 512
Cause:
vCenter Server has a certificate with a short public key length or its algorithm is disabled by the JRE in Arcserve UDP. A certificate with public key length less than 1024 bits is considered unsafe (same applies to the MD5 algorithm). They are disabled by the JRE used by Arcserve UDP.
Solution
Generate a new certificate for the vCenter Server. Ensure that the new certificate has a public key that is greater than 1024 bits in size and use a stronger algorithm.