
Signature Algorithm SHA256withRSA failed in Java

I have identically generated and signed certificates on Raspberry Pi and Ubuntu Linux.

The SSL connection works fine on Raspberry Pi but fails on Ubuntu with the error Received fatal alert: unknown_ca

During the certificate verify procedure I found a difference:

Failed (Ubuntu on AWS)

*** CertificateVerify
Signature Algorithm SHA256withRSA

Good (Raspberry Pi)

*** CertificateVerify
Signature Algorithm SHA512withRSA

Why do I have a different signature algorithm? In both cases identical commands were used to create and sign the certificates.

Might it be a problem while communicating with Java?

UPD

Trying to enable Unlimited Strength Jurisdiction Policy

I have two folders in my Java installation that contain local_policy.jar and US_export_policy.jar:

C:\java\jdk1.8.0_241\jre\lib\security\policy\limited
C:\java\jdk1.8.0_241\jre\lib\security\policy\unlimited

I suppose the unlimited folder contains the required libs, but to be sure I have downloaded them from Oracle and overwritten them.

I uncommented the line crypto.policy=unlimited in the C:\java\jdk1.8.0_241\jre\lib\security\java.security file

But the problem remains the same. I still have the error:

MQTT Con: 2, RECV TLSv1.2 ALERT:  fatal, unknown_ca
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]

I would try checking if your client has Unlimited Strength Jurisdiction Policy enabled.

  • $JAVA_HOME/jre/lib/security (for JDK)
  • $JAVA_HOME/lib/security (for JRE)

The file has to have the line: crypto.policy=unlimited

If it's not there you will have to download a distributable from Oracle and then add the above line into the security file.
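The check described in this answer can also be run from inside the client's own JVM, which shows whether the java.security file that was edited belongs to the runtime the client actually uses. This is an added example, not part of the original answer; the class name CryptoPolicyCheck is hypothetical, and the two candidate file locations (lib/security for a JDK 8 layout, conf/security for JDK 9 and later) are assumptions about the installation.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Security;
import java.util.Properties;
import javax.crypto.Cipher;

// Hypothetical diagnostic class: run it with the same java binary as the failing client.
public class CryptoPolicyCheck {

    // Reads a java.security file the way the JVM does (Properties format,
    // so commented-out lines are ignored) and returns crypto.policy or null.
    static String policyFromFile(Path file) throws IOException {
        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(file)) {
            props.load(in);
        }
        return props.getProperty("crypto.policy");
    }

    // True when the JCE policy in force allows AES keys of 256 bits or more.
    static boolean unlimitedInEffect() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") >= 256;
    }

    public static void main(String[] args) throws Exception {
        // java.home identifies the runtime this process is really using.
        String home = System.getProperty("java.home");
        System.out.println("java.home            = " + home);

        // Assumed locations: JDK 8 style first, JDK 9+ style second.
        Path[] candidates = {
            Paths.get(home, "lib", "security", "java.security"),
            Paths.get(home, "conf", "security", "java.security")
        };
        for (Path p : candidates) {
            if (Files.isRegularFile(p)) {
                System.out.println(p + " -> crypto.policy=" + policyFromFile(p));
            }
        }

        // Value the JVM loaded at startup, then the limit actually enforced.
        System.out.println("Security property    = " + Security.getProperty("crypto.policy"));
        System.out.println("max AES key length   = " + Cipher.getMaxAllowedKeyLength("AES"));
        System.out.println("unlimited in effect  = " + unlimitedInEffect());
    }
}
```

If java.home printed here differs from the directory whose java.security was edited, the change was made to a runtime the client is not using.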
