11-27-2024 12:56 AM
Hi guys
I had an external repository setup in Cisco Catalyst Center 2.3.7.6, which worked well.
After upgrading and renewing the backend server because of a lifecycle and upgrading Cisco Catalyst Center to 2.3.7.7, I am not able to add the same external repository anymore:
I think it does correspond with the changed SSH key on the server, but how can I renew / delete the old one on the Cisco Catalyst Center?
I tried to connect via SSH from CLI / maglev and this worked with the new server.
Thanks and best regards
Dominic
11-27-2024 02:11 AM
Hello Dominic,
Have you tried deleting the external repository and setting it up again?
BR
11-27-2024 02:24 AM
01-09-2025 04:34 AM
Hi @Dominic Stalder
we are encountering the exact same issue after Upgrading from Cisco DNAC to CCC.
Could you fix the issue?
Br
Manuel
01-09-2025 05:18 AM
Hi @Manuel K.
we were able to fix it, but not on Cisco side. We migrated the SFTP server back from Rocky 9.5 to Ubuntu 22.04 LTS.
Based on the release notes, Rocky is not officially supported, even if the binaries are compatible with RedHat Enterprise (RHE).
Backup Server Requirements
The backup server must run one of the following operating systems:
- RedHat Enterprise (or CentOS) 8 or later
- Ubuntu 16.04 (or Mint, etc) or later
We did not have the nerves to have this discussion with Cisco TAC and just re-setup the new SFTP server with Ubuntu.
Regards
Dominic
01-09-2025 05:46 AM
Hi @Dominic Stalder
Thanks for the fast reply.
We are also using Rocky Linux 9 here, and got it working again!
The issue was that we are using a custom distributed configuration for sshd.
So the solution was to add the missing
Include /etc/crypto-policies/back-ends/opensshserver.config
(which normally is part of the /etc/ssh/sshd_config.d/50-redhat.conf config file).
It seems like the sshd config is just too secure without referencing the system wide crypto-policies.
Regards
Manuel
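The fix described in the post above, turned into a check (an added example, not code from the thread or from Cisco): the shell functions below walk an sshd configuration tree, follow its Include directives, and report whether the crypto-policies back-end file is referenced anywhere. The function names and the optional root-prefix argument are assumptions, added so the check can also be run against a copy of /etc; quoted Include arguments are not handled.

```shell
#!/bin/sh
# Added example: does sshd_config (or any file it includes) reference the
# system-wide crypto-policies back-end named in the post above?
POLICY=/etc/crypto-policies/back-ends/opensshserver.config

# scan FILE ROOT [DEPTH]: exit 0 if FILE, or a file it includes, includes POLICY.
# ROOT is an optional prefix (hypothetical helper argument) for scanning a copy of /etc.
# The body runs in a subshell, so variables stay local across recursion.
scan() (
    file=$1; root=$2; depth=${3:-0}
    [ -r "$file" ] || exit 1
    [ "$depth" -lt 16 ] || exit 1          # guard against include loops
    # Strip comments, then keep the arguments of Include lines (keyword is case-insensitive).
    patterns=$(sed -n -e 's/[[:space:]]*#.*//' \
        -e 's/^[[:space:]]*[Ii][Nn][Cc][Ll][Uu][Dd][Ee][[:space:]=]\{1,\}//p' "$file")
    set -f                                  # word-split without expanding globs yet
    for pat in $patterns; do
        # sshd resolves relative Include paths under /etc/ssh.
        case $pat in /*) ;; *) pat=/etc/ssh/$pat ;; esac
        [ "$pat" = "$POLICY" ] && exit 0
        set +f
        for f in "$root"$pat; do            # expand drop-in globs such as *.conf
            set -f
            [ -f "$f" ] && scan "$f" "$root" $((depth + 1)) && exit 0
        done
        set -f
    done
    exit 1
)

# check_sshd_policy [ROOT]: returns 0 when the crypto-policies Include is present.
check_sshd_policy() {
    scan "${1:-}/etc/ssh/sshd_config" "${1:-}"
}

# Typical use on the SFTP server itself:
#   check_sshd_policy || echo "sshd does not include $POLICY"
```

On a live server, `sshd -T` prints the effective `ciphers`, `kexalgorithms` and `macs`, which shows what the daemon actually offers once the Include is in place.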
01-09-2025 05:56 AM
Hi @Manuel K.
oh cool, thanks a lot for this information. I know that our Linux team also tried with different ciphers, even allowing older ciphers. But I will forward this information to our team, thanks a lot!
Regards
Dominic