If you are using Java, you can adjust the security settings to allow the necessary algorithms. You can do this by modifying the java.security
file typically located in the lib/security
directory of your Java installation. Add or modify the lines to include the necessary algorithms.
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 2048
If the problem persists, you can create a custom trust store that includes the necessary certificates and configure your application to use it. This can be done by setting the appropriate JVM options:
-Djavax.net.ssl.trustStore=/path/to/truststore.jks
-Djavax.net.ssl.trustStorePassword=yourTrustStorePassword
You can set environment variables for the pod to specify the use of the updated trust store or to relax certain constraints temporarily (not recommended for production).
Here is an example of how you might update your deployment.yaml
for the AKS pod to include environment variables:
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp
spec:
replicas: 1
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
containers:
- name: myapp-container
image: myapp:latest
env:
- name: JAVA_OPTS
value: "-Djavax.net.ssl.trustStore=/path/to/truststore.jks -Djavax.net.ssl.trustStorePassword=yourTrustStorePassword"
More links :
https://learn.microsoft.com/en-us/answers/questions/1199915/certificates-do-not-conform-to-algorithm