AdminUI error on importing new certification for federation

Document ID : KB000007560
Last Modified Date : 14/02/2018
Show Technical Document Details

We encountered below error on importing a new certificate via the AdminUI


2017-05-08 17:30:25,033 ERROR [] (http- **ERROR** commiting keystore change for alias citrix-enidrive-2017. com.rsa.certj.cert.CertificateException: Unknown or invalid signature algorithm



Is there a workaround to importing the type of certs with SHA256NoSign provided by the SP?

AdminUI 12.52SP1CR02 on RedHat 6 64bit; Policy Server 12.52SP1CR02 on RedHat 6 64bit;

The issue is related to the signature algorithm being used:

-> Signature Algorithm : sha256NoSign

-> Algorithm being used is not supported:

-> Sign Algorithms:

- MD5withRSA, SHA1withRSA, SHA256withRSA & SHA512withRSA


As you see, there's no mention of sha256NoSign


To solve the issue, you have to use a supported signature algorithm according to documentation :


Encryption and Decryption Algorithms



Additional Information: