• When attempting to upload a certificate in NSX 4.2 or later, you may encounter the error message:

  Error: The certificate uses an unsupported signature algorithm: 1.2.840.113549.1.1.5. Supported algorithms are: [SHA256WithRsaEncryption, SHA384WithRsaEncryption, ECDSA-WITH-SHA256, ECDSA-WITH-SHA384, ECDSA-WITH-SHA512, SHA512WithRsaEncryption, DSA-WITH-SHA256] (Error code: 2071)

• This error indicates that the signature algorithm of the uploaded certificate does not align with NSX 4.2’s cryptographic compatibility requirements.
• If the error provides an OID (long series of digits and dots) as the currently used signature algorithm, you may search online to map it to the name of the algorithm.
  For example: 1.2.840.113549.1.1.5 is sha1-with-rsa-signature
• The certificate may be self-signed leaf, CA-signed leaf or root CA certificates.

To resolve the issue, you must replace the certificate with one that meets the following minimum requirements:

• Use certificates signed with supported algorithms, such as SHA-256 or stronger, and with a minimum key size of 2048 bits.
  
  
• Verify that the certificate does not use deprecated algorithms like SHA1 or MD5
• Avoid unsupported protocols or cipher suites such as 3DES, SSL 3.0, TLS 1.0, and TLS 1.1.
  
  
• When importing a CA-signed leaf certificate, ensure every certificate in the chain (Root and Intermediate) is complaint.