[cisco-voip] UCM and RSASSA-PSS Certificates

Ryan Ratliff (rratliff) rratliff at cisco.com
Mon Nov 7 11:38:12 EST 2016


The bug (CSCuz38372) was in an email last week from another user.

This isn’t on the UCM roadmap (as of now) so start up a conversation with your account team so they can create a business case to get it done.

-Ryan

On Nov 7, 2016, at 2:31 AM, Reto Gassmann <voip at mrga.ch> wrote:

Thank you all for your inputs.
I opened a TAC case to get an official statement from Cisco.

Regards Reto

On Sunday, November 6, 2016, Joshua Warcop wrote:
That signature algorithm simply isn't supported. It's new with Windows Server 2012 CA installations. You have no other choice but to reissue the CA certificates with a different algorithm or use a different root chain completely. All certificates in the chain must be supported.

There is a process to change the CA and my recommendation is to fix the CA. This is another case of Microsoft using custom stuff thinking their products only ever live in pure Microsoft environments.



---- On Wed, 02 Nov 2016 05:52:59 -0400 Reto Gassmann <voip at mrga.ch> wrote ----

Hello group

I tried to install CA signed certificates for tomcat and xmpp on our UCM and IM&P Server.
I could upload the Root and the intermediate certificates to the servers. Then I tried to upload the signed xmpp certificate and got the following error: java.security.cert.CertPathBuilderException: No such signature algorithm.
I also tried to upload the certificate chain with the same result.

Our Microsoft CA uses the RSASSA-PSS signature algorithm. I found the Bug CSCuz38372 that describes an issue with this signature algorithm and CUCM servers.
We cannot change the signing algorithm on the CA. So I have to solve it on the UCM.

Has anyone seen this and found a solution?
Thanks Reto
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip