The server side certificate might be using SHA1 algorithm.
Try openssl command against your MSSQL server service port to check the server certificate.
openssl s_client -connect <MSSQL IP>:<Port>
This should list your server certificate.
Copy the certificate part where it starts(and including) -----BEGING CERTIFICATE----- and until(and including) -----END CERTIFICATE----- and an empty line after that in to a text file
For example, save the certificate below.
=====BEGIN SAMPLE=====
-----BEGIN CERTIFICATE-----
AAAABBBBCCCCDDDD
EEEEFFFF1111222233==
-----END CERTIFICATE-----
=====END SAMPLE=====
Let's say you saved the certificate as cert.txt
Then run the following command against that file to confirm if it is SHA1 or SHA2.
openssl x509 -text -in cert.txt
This will output something like below:
Certificate: Data: Version: 3 (0x2)
Serial Number: 47:2b:43:a2:d3:8b:77:ea
Signature Algorithm: sha256WithRSAEncryption
In the above sample, you can see it is using SHA2
SHA1 is obsolete so you need to ensure your server certificate is SHA2.
Possible resolution 2
There was a report where the primary PAM server was pinned to the old certificate still. Even when they installed the new certs it was still using the old certificate. Deleted all the old certificates and reapplied the new certificates. This fixed the java algorithm error.