Failing to import VMware VMs from vCenter

Symptom

Arcserve UDP cannot import VMware VMs from the vCenter, although the vCenter server is functional and can be reached from both a browser and the vSphere client. In ARCAPP-Gateway.log on the Arcserve UDP Console server, the following error message appears:

com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

However, if you change the following two lines in the file “C:\Program Files\Arcserve\Unified Data Protection\Common\JRE\lib\security\java.security” and restart the Arcserve UDP Management service, Arcserve UDP can connect to the same vCenter server. The modified lines remove MD5 and MD5withRSA from the disabled lists and lower the minimum RSA and DH key sizes to 512 bits:

Existing lines:

jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768

Modified Lines:

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 512

jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 512

Cause

The vCenter Server certificate either has a short public key or uses an algorithm that is disabled by the JRE in Arcserve UDP. A certificate with a public key length of less than 1024 bits is considered unsafe, and the same applies to the MD5 algorithm. Both are disabled by the JRE used by Arcserve UDP.
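
The check described above, as an added example (not Arcserve or JRE code): a simplified Python model of how the two jdk.certpath.disabledAlgorithms values quoted on this page are applied to a certificate's signature algorithm and public key size. The sample certificates are constructed and the helper names are hypothetical.

```python
import re

# The two jdk.certpath.disabledAlgorithms values quoted on this page.
EXISTING = "MD2, MD5, RSA keySize < 1024"
MODIFIED = "MD2, RSA keySize < 512"

OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
       "==": lambda a, b: a == b, "!=": lambda a, b: a != b}

def parse(prop):
    """Split a disabledAlgorithms value into banned names and key-size rules."""
    names, size_rules = set(), []
    for entry in (e.strip() for e in prop.split(",")):
        m = re.fullmatch(r"(\S+)\s+keySize\s*(<=|>=|==|!=|<|>)\s*(\d+)", entry)
        if m:
            size_rules.append((m.group(1).upper(), m.group(2), int(m.group(3))))
        elif entry:
            names.add(entry.upper())
    return names, size_rules

def decompose(sig_alg):
    """Break 'MD5withRSA' into {'MD5', 'RSA'} (simplified model of the JRE's split)."""
    parts = re.split(r"with|and|/", sig_alg, flags=re.IGNORECASE)
    return {p.upper() for p in parts if p}

def violations(prop, sig_alg, key_alg, key_bits):
    """Return the constraint entries a certificate trips; empty list means it passes."""
    names, size_rules = parse(prop)
    hits = sorted(names & (decompose(sig_alg) | {sig_alg.upper()}))
    for alg, op, limit in size_rules:
        if alg == key_alg.upper() and OPS[op](key_bits, limit):
            hits.append(f"{alg} keySize {op} {limit}")
    return hits

# Constructed sample certificates (not taken from a real vCenter Server):
# (signature algorithm, public key algorithm, public key size in bits)
SAMPLES = [("MD5withRSA", "RSA", 2048), ("SHA1withRSA", "RSA", 512),
           ("SHA256withRSA", "RSA", 2048)]

if __name__ == "__main__":
    for label, prop in (("existing", EXISTING), ("modified", MODIFIED)):
        for sig, key, bits in SAMPLES:
            print(label, sig, bits, violations(prop, sig, key, bits) or "allowed")
```

Under the existing value, the MD5-signed and the 512-bit samples are both rejected; under the modified value, all three samples pass.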

Solution

Generate a new certificate for the vCenter Server. Ensure that the new certificate has a public key that is greater than 1024 bits in size and uses a stronger algorithm.