[cisco-voip] UCM and RSASSA-PSS Certificates

[Reto Gassmann]

Thank you all for your inputs.
I opened a TAC case to get an offical statement from cisco.

Regards Reto

Am Sonntag, 6. November 2016 schrieb Joshua Warcop :

> That signature algorithm simply isn't supported. It's new with Windows
> Server 2012 CA installations. You have no other choice but to reissue the
> CA certificates with a different algorithm or use a different root chain
> completely. All certificates in the chain must be supported.
>
> There is a process to change the CA and my recommendation is to fix the
> CA. This is another case of Microsoft using custom stuff thinking their
> products only ever live in pure Microsoft environments.
>
>
>
> ---- On Wed, 02 Nov 2016 05:52:59 -0400 Reto Gassmann<voip at mrga.ch
> <javascript:_e(%7B%7D,'cvml','voip at mrga.ch');>> wrote ----
>
> Hello group
>
> I tried to install CA signed certificates for tomcat and xmpp on our UCM
> and IM&P Server.
> I could upload the Root and the intermediate certificates to the servers.
> Then I tried to upload the signed xmpp certificate an got the following
> error: java.security.cert.CertPathBuilderExeption: No such signature
> agorithm.
> I also tried to upload the certificate chain with the same result.
>
> Our Microsoft CA uses the RSASSA-PSS signature algorithm. I found the Bug
> CSCuz38372 that describes an issue with this signature algorithm and CUCM
> servers.
> We cannot change the signing algorithm on the CA. So I have to solve it on
> the UCM.
>
> Has anyone seen this and found a solution?
> Thanks Reto
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> <javascript:_e(%7B%7D,'cvml','cisco-voip at puck.nether.net');>
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20161107/481a2416/attachment.html>