java.security.cert.CertPathBuilderException: No such signature algorithm.
It appears that UCCX doesn't support RSASSA-PSS which Microsoft uses on the root and issuing ca. Are there any workarounds for this?
We're getting the same error message from a customer's UCCX v10.6
The customer originally gave us a RSASSA-PSS certificate and has offered to give us a ECDH_P256 certificate but I don't want to ask them to generate that as I don't know if it will work and can't find any documentation with a list of supported certificate types. Does anyone have a list, or even an example of one, certificate type that will work?
We had to generate SHA256 certs, not RSA-PSS I believe. To do it with a internal MS server we had to create a new cert profile and eventually got it.
Thanks for the rapid response.
This whole certificate business is still new to me and I'm struggling to find definitive documentation to explain the topic.
The cert we've been given was generated with RSASSA-PSS signature algorithm and sha256 hashing algorithm, see below.
The main problem I have is I don't know what exactly to ask the customer to provide us with in terms of the type of certificate. The customer has offered to provide a cert signed with ECDH_P256 algorithm but I don't think that will work as the release notes for CUCM v11 say that as of v11, EC-type certificates are supported, implying that in 10.x they are not. But I can't find documentation which says what types of cert are supported in 10.6.
I think you need to create/migrate the cert authority to allow SHA256RSA.
Check this out: https://blogs.technet.microsoft.com/askds/2015/04/01/migrating-your-certification-authority-hashing-algorithm-from-sha1-to-sha2/