Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1211
Views
0
Helpful
6
Replies

UCCX SSL Certificate Install error

Dan Coats
Level 1
Level 1

‎07-21-2015 07:35 AM - edited ‎03-19-2019 09:50 AM

java.security.cert.CertPathBuilderException: No such signature algorithm.

It appears that UCCX doesn't support RSASSA-PSS which Microsoft uses on the root and issuing ca. Are there any workarounds for this?

 

3 people had this problem
Labels:
0 Helpful
6 Replies 6

benbollinger
Level 2
Level 2

‎10-09-2015 08:09 PM

Did you find a solution to this?  I'm having the same problem on callmanager and presence 10.5

0 Helpful

Dan Coats
Level 1
Level 1
In response to benbollinger

‎10-09-2015 08:24 PM

Had to reconfigure our CA to use SHA256 ciphers and reissue the certificates

0 Helpful

vincent.morton
Level 1
Level 1

‎04-18-2016 07:56 AM

We're getting the same error message from a customer's UCCX v10.6

The customer originally gave us a RSASSA-PSS certificate and has offered to give us a ECDH_P256 certificate but I don't want to ask them to generate that as I don't know if it will work and can't find any documentation with a list of supported certificate types. Does anyone have a list, or even an example of one, certificate type that will work?

0 Helpful

benbollinger
Level 2
Level 2
In response to vincent.morton

‎04-18-2016 08:05 AM

We had to generate SHA256 certs,  not RSA-PSS I believe.  To do it with a internal MS server we had to create a new cert profile and eventually got it.

0 Helpful

vincent.morton
Level 1
Level 1
In response to benbollinger

‎04-18-2016 08:40 AM

Ben,

Thanks for the rapid response.

This whole certificate business is still new to me and I'm struggling to find definitive documentation to explain the topic.

The cert we've been given was generated with RSASSA-PSS signature algorithm and sha256 hashing algorithm, see below.

The main problem I have is I don't know what exactly to ask the customer to provide us with in terms of the type of certificate. The customer has offered to provide a cert signed with ECDH_P256 algorithm but I don't think that will work as the release notes for CUCM v11 say that as of v11, EC-type certificates are supported, implying that in 10.x they are not. But I can't find documentation which says what types of cert are supported in 10.6.

0 Helpful

benbollinger
Level 2
Level 2
In response to vincent.morton

‎04-18-2016 08:49 AM

I think you need to create/migrate the cert authority to allow SHA256RSA.

Check this out:  https://blogs.technet.microsoft.com/askds/2015/04/01/migrating-your-certification-authority-hashing-algorithm-from-sha1-to-sha2/

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents