[cisco-voip] UCM and RSASSA-PSS Certificates
Joshua Warcop
josh at warcop.com
Sun Nov 6 12:05:52 EST 2016
That signature algorithm simply isn't supported. It's new with Windows Server 2012 CA installations. You have no other choice but to reissue the CA certificates with a different algorithm or use a different root chain completely. All certificates in the chain must be supported.There is a process to change the CA and my recommendation is to fix the CA. This is another case of Microsoft using custom stuff thinking their products only ever live in pure Microsoft environments. ---- On Wed, 02 Nov 2016 05:52:59 -0400 Reto Gassmann<voip at mrga.ch> wrote ----Hello groupI tried to install CA signed certificates for tomcat and xmpp on our UCM and IM&P Server.I could upload the Root and the intermediate certificates to the servers. Then I tried to upload the signed xmpp certificate an got the following error: java.security.cert.CertPathBuilderExeption: No such signature agorithm. I also tried to upload the certificate chain with the same result.Our Microsoft CA uses the RSASSA-PSS signature algorithm. I found the Bug CSCuz38372 that describes an issue with this signature algorithm and CUCM servers.We cannot change the signing algorithm on the CA. So I have to solve it on the UCM.Has anyone seen this and found a solution?Thanks Reto _______________________________________________ cisco-voip mailing list cisco-voip at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20161106/8b889e03/attachment.html>
More information about the cisco-voip
mailing list