PAM connects to a SQL Server to verify a target account but fails with the following error:
SEVERE: UpdateTargetAccountCmd.invoke -1: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates does not conform to algorithm constraints".
The server-side certificate might be signed with the SHA1 algorithm.
Run the openssl command against your MSSQL server's service port to check the server certificate.
openssl s_client -connect <MSSQL IP>:<Port>
This should list your server certificate.
Copy the certificate, from (and including) -----BEGIN CERTIFICATE----- through (and including) -----END CERTIFICATE----- plus an empty line after it, into a text file.
For example, save the certificate below.
Let's say you saved the certificate as cert.txt.
Then run the following command against that file to confirm if it is SHA1 or SHA2.
openssl x509 -text -in cert.txt
This will output something like below:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 47:2b:43:a2:d3:8b:77:ea
    Signature Algorithm: sha256WithRSAEncryption
In the above sample, you can see it is using SHA2 (sha256WithRSAEncryption).
SHA1 is obsolete, so you need to ensure your server certificate is SHA2.
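
The same check as a small script, added here as an example (it is not part of the original article or of PAM). The function names are this example's own, and check_server assumes the port answers a direct TLS handshake, as the s_client command above does.

```shell
#!/bin/sh
# Usage: ./sigalg.sh cert.txt        (a saved PEM file)
#        ./sigalg.sh <host> <port>   (fetch the certificate from the server)

# Sample `openssl x509 -text` output, copied from the article's example.
SAMPLE_TEXT='Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 47:2b:43:a2:d3:8b:77:ea
    Signature Algorithm: sha256WithRSAEncryption'

# Read `openssl x509 -text` output on stdin, print the first signature algorithm.
sigalg_from_text() {
    sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1
}

# Map an algorithm name to SHA1, SHA2 or OTHER (OTHER means: inspect by hand).
classify_sigalg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *sha1*) echo "SHA1" ;;
        *sha224*|*sha256*|*sha384*|*sha512*) echo "SHA2" ;;
        *) echo "OTHER" ;;
    esac
}

# Check a certificate that was saved to a PEM file such as cert.txt.
check_cert_file() {
    alg=$(openssl x509 -noout -text -in "$1" | sigalg_from_text)
    printf '%s: %s\n' "$alg" "$(classify_sigalg "$alg")"
}

# Fetch the certificate with s_client and check it without the manual copy step.
# openssl x509 reads the first PEM block from stdin and ignores the rest.
check_server() {
    alg=$(openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
          openssl x509 -noout -text | sigalg_from_text)
    printf '%s: %s\n' "$alg" "$(classify_sigalg "$alg")"
}

case "$#" in
    1) check_cert_file "$1" ;;
    2) check_server "$1" "$2" ;;
esac
```

A result of SHA1 means the certificate has to be reissued with a SHA2 signature before the connection will pass the algorithm constraints.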