ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Messaging Gateway errors when using DDS source with TLS
book
Article ID: 173432
calendar_today
Updated On:
Products
Messaging Gateway
Issue/Introduction
Symantec Messaging Gateway (SMG) is trying to connect with a DDS source via SSL/TLS. The DDS source presents a certificate that uses the RSASSA-PSS algorithm.
Permanent failure while attempting to search data source: <hostname> Reason: Algorithm constraints check failed on signature algorithm: 1.2.840.113549.1.1.10
Cause
RSASSA-PSS [OID 1.2.840.113549.1.1.10] is not a supported signing algorithm in SMG. Because the SMG does not use that algorithm, it will drop the connection, as it cannot maintain the TLS handshake.
Resolution
Remediation:
There are two main ways to resolve this issue:
Do not use SSL/TLS with the DDS source.
Replace the certificate on the DDS source with one that does not use RSASSA-PSS as its signing algorithm.