We have a certificate that has used the RSASSA-PSS signature algorithm. (It happens to be our root level internal self-signed CA certificate)
When the Gateway attempts to verify the signature we get log messages like:
The OID identifies the RSASSA-PSS algorithm.
$ /opt/SecureSpan/JDK/bin/java -version
openjdk version "1.8.0_222"
OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_222-b10)
OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.222-b10, mixed mode)
I've checked the issue database at OpenJDK and it appears a bunch of work has been going on to support this. I cannot see however that in our particular circumstances whether this ought to work or not.
Is this known to work? Is it supported?
Release : 9.4
Component : API GATEWAY