Thank you all for your inputs. I opened a TAC case to get an offical statement from cisco.
Regards Reto Am Sonntag, 6. November 2016 schrieb Joshua Warcop : > That signature algorithm simply isn't supported. It's new with Windows > Server 2012 CA installations. You have no other choice but to reissue the > CA certificates with a different algorithm or use a different root chain > completely. All certificates in the chain must be supported. > > There is a process to change the CA and my recommendation is to fix the > CA. This is another case of Microsoft using custom stuff thinking their > products only ever live in pure Microsoft environments. > > > > ---- On Wed, 02 Nov 2016 05:52:59 -0400 Reto Gassmann<[email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote ---- > > Hello group > > I tried to install CA signed certificates for tomcat and xmpp on our UCM > and IM&P Server. > I could upload the Root and the intermediate certificates to the servers. > Then I tried to upload the signed xmpp certificate an got the following > error: java.security.cert.CertPathBuilderExeption: No such signature > agorithm. > I also tried to upload the certificate chain with the same result. > > Our Microsoft CA uses the RSASSA-PSS signature algorithm. I found the Bug > CSCuz38372 that describes an issue with this signature algorithm and CUCM > servers. > We cannot change the signing algorithm on the CA. So I have to solve it on > the UCM. > > Has anyone seen this and found a solution? > Thanks Reto > _______________________________________________ > cisco-voip mailing list > [email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');> > https://puck.nether.net/mailman/listinfo/cisco-voip > >
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
