Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1969
Views
0
Helpful
6
Replies

Receive "java.security.cert.CertPathBuilderException: No such signature algorithm" when uploading certificates

wchatcher
Level 1
Level 1

‎01-10-2013 10:51 AM - edited ‎03-16-2019 03:06 PM

We have a Microsoft Windows 2008 R2 Root CA server issuing certificates. When I try to upload the certificate that is issued I receive to tomcat on our CUCM 9.0 server I receive "java.security.cert.CertPathBuilderException: No such signature algorithm".  I can loaded up the certificate chain in the tomcat-trust with no issues.                  

4 people had this problem
Labels:
0 Helpful
6 Replies 6

liayan
Level 1
Level 1

‎08-05-2014 07:30 AM

I met the same issue, can you please let me know how you got it resolved? thx!

Liang

 


 

0 Helpful

Emmanuel Valdez
Level 3
Level 3
In response to liayan

‎08-21-2014 05:49 PM

Hello,

Did you upload a certificate that was issued by a Subordinate CA or Root CA?

Try uploading one from a Subordinate CA.

Regards.

0 Helpful

Dan Coats
Level 1
Level 1
In response to Emmanuel Valdez

‎12-22-2015 09:28 AM

Had to reconfigure our CA to use SHA256 ciphers and reissue the certificates.

http://blogs.technet.com/b/pki/archive/2013/09/19/upgrade-certification-authority-to-sha256.aspx

0 Helpful

edguidry
Level 1
Level 1
In response to liayan

‎12-22-2015 08:06 AM

hello, same issue.   did anyone resolve this?

i have load a root and subordinate cert with success.   But when uploading the signed cert, I get the "no such signature algorithm" error. 

Is there a difference with the MS CA version that may impact this?   Enterprise or not enterprise?  We are running CA v 6.3.   Customer recently enabled SHA256 and we have tried encoding with DER and base64 but no difference.

Thanks,

Eddie

0 Helpful

Dan Coats
Level 1
Level 1
In response to edguidry

‎12-22-2015 09:35 AM

Had to reconfigure our CA to use SHA256 ciphers and reissue the certificates. Just guessing that if you look at your cert it is currently RSASSA-PSS which is not supported.

supports Privacy Enhanced Mail (PEM) Base64 encoded format of X.509 certificate (only one PEM certificate in a file), Distinguished Encoding Rules (DER) format of X509 Certificate and DER format of PKCS#7 (Public-Key Cryptography Standards) Certificate Chain. The system does not support PEM format of PKCS#7 Certificate Chain.

http://blogs.technet.com/b/pki/archive/2013/09/19/upgrade-certification-authority-to-sha256.aspx

0 Helpful

Deepak Rawat
Cisco Employee
Cisco Employee
In response to edguidry

‎12-22-2015 06:24 PM

Eddie,

Please make sure that you are uploading the complete certificate chain i.e.,

1) Root certificate as tomcat-trust

2) Any intermediate certificate as tomcat-trust

3) Server certificate as tomcat

Apart from the above, most of the time this error occurs when the signed certificate does not match the format selected in the CSR. For example, if the CSR was generated using SHA1 as the signature algorithm and the CA signed them using SHA256, this would result in this issue.

So the key here is to make sure that the CSR which was generated using a X algorithm should be signed by CA as well using X algorithm only. Sometimes with different version of MS CA, the default signing algorithm is set to something else and customers overlook that and forget to change it while signing the certs and hence the certs are generated with a different algorithm altogether compared to what the CSR was generated with.

Regards

Deepak

- Rate Helpful Posts -

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents