Cisco Community
English
Register
Speak French? Now you can ask your questions in the new French Community! CLICK HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
490
Views
0
Helpful
6
Replies
Dan Coats
Dan Coats Beginner
Beginner
‎07-21-2015 07:35 AM
‎07-21-2015 07:35 AM

UCCX SSL Certificate Install error

java.security.cert.CertPathBuilderException: No such signature algorithm.

It appears that UCCX doesn't support RSASSA-PSS which Microsoft uses on the root and issuing ca. Are there any workarounds for this?

 

Labels:
3 people had this problem
0 Helpful
Reply
6 REPLIES 6
benbollinger
benbollinger Explorer
Explorer
‎10-09-2015 08:09 PM
‎10-09-2015 08:09 PM

Did you find a solution to

Did you find a solution to this?  I'm having the same problem on callmanager and presence 10.5

0 Helpful
Reply
Dan Coats
Dan Coats Beginner
Beginner
‎10-09-2015 08:24 PM
‎10-09-2015 08:24 PM

Had to reconfigure our CA to

Had to reconfigure our CA to use SHA256 ciphers and reissue the certificates

0 Helpful
Reply
vincent.morton
vincent.morton Beginner
Beginner
‎04-18-2016 07:56 AM
‎04-18-2016 07:56 AM

We're getting the same error

We're getting the same error message from a customer's UCCX v10.6

The customer originally gave us a RSASSA-PSS certificate and has offered to give us a ECDH_P256 certificate but I don't want to ask them to generate that as I don't know if it will work and can't find any documentation with a list of supported certificate types. Does anyone have a list, or even an example of one, certificate type that will work?

0 Helpful
Reply
Highlighted
benbollinger
benbollinger Explorer
Explorer
‎04-18-2016 08:05 AM
‎04-18-2016 08:05 AM

We had to generate SHA256

We had to generate SHA256 certs,  not RSA-PSS I believe.  To do it with a internal MS server we had to create a new cert profile and eventually got it.

0 Helpful
Reply
vincent.morton
vincent.morton Beginner
Beginner
‎04-18-2016 08:40 AM
‎04-18-2016 08:40 AM

Ben,

Ben,

Thanks for the rapid response.

This whole certificate business is still new to me and I'm struggling to find definitive documentation to explain the topic.

The cert we've been given was generated with RSASSA-PSS signature algorithm and sha256 hashing algorithm, see below.

The main problem I have is I don't know what exactly to ask the customer to provide us with in terms of the type of certificate. The customer has offered to provide a cert signed with ECDH_P256 algorithm but I don't think that will work as the release notes for CUCM v11 say that as of v11, EC-type certificates are supported, implying that in 10.x they are not. But I can't find documentation which says what types of cert are supported in 10.6.

0 Helpful
Reply
benbollinger
benbollinger Explorer
Explorer
‎04-18-2016 08:49 AM
‎04-18-2016 08:49 AM

I think you need to create

I think you need to create/migrate the cert authority to allow SHA256RSA.

Check this out:  https://blogs.technet.microsoft.com/askds/2015/04/01/migrating-your-certification-authority-hashing-algorithm-from-sha1-to-sha2/

0 Helpful
Reply
Latest Contents
New Advanced Diagnostics and Analytics in Control Hub for IT...
Created by kathyMill345 on 08-14-2019 11:56 AM
0
0
0
0
Join this featured IT Admin Control Hub session where you’ll hear about the improved Meeting diagnostics capability in Control Hub which provides IT Admins richer insights about their meetings, the participants and the quality of service. See metrics to h... view more
Register a Device to Cisco WebEx Using API or Local Web Inte...
Created by Vaijanath Sonvane on 08-13-2019 09:39 PM
0
0
0
0
This document explains how to register a Cisco TelePresence or WebEx device to Cisco WebEx Cloud Service Using API or Local Web Interface use. This procedure is applicable for Collaboration Endpoint Software 9.8 and later. In previous versi... view more
Unified Communications Platform VMWare Tools Linux Module Lo...
Created by JustSomeNetworkGuy on 08-09-2019 12:24 PM
1
0
1
0
SymptomsCER or other Cisco UC platform servers fail to boot with an error message immediately on startup similar to:FATAL: Could not load /lib/modules/2.6.32-642.el6.x86_64/modules.depDiagnosisYou do some searching, and think it's related to this bug - CS... view more
BroadWorks Signaling Call Analyzer
Created by vsimard on 08-09-2019 07:21 AM
2
5
2
5
Tool Description This Log Analysis tool helps you analyze the call processing and the signaling information collected by the XSLog logs from the Cisco BroadWorks system.  This tool also supports a broad range of other Cisco products and technologies... view more
Attend Our New Webex Online Training Courses
Created by kathyMill345 on 08-08-2019 10:07 AM
1
0
1
0
We are excited to announce we have enhanced our Webex Online Courses Program to offer a variety of courses to help customers increase their knowledge and skill-set on the features and functionalities of their Webex product.   Free – all courses 30 a... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
July's Community Spotlight Awards