
AdminUI error on importing new certificate for federation


Article ID: 7560




CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On


We encountered the error below when importing a new certificate via the AdminUI:


2017-05-08 17:30:25,033 ERROR [] (http- **ERROR** commiting keystore change for alias citrix-enidrive-2017. com.rsa.certj.cert.CertificateException: Unknown or invalid signature algorithm



Is there a workaround for importing certificates of the SHA256NoSign type provided by the SP?


AdminUI 12.52SP1CR02 on RedHat 6 64bit; Policy Server 12.52SP1CR02 on RedHat 6 64bit;


The issue is related to the signature algorithm being used:

-> Signature Algorithm: sha256NoSign

-> The algorithm being used is not supported.

-> Supported signature algorithms:

- MD5withRSA, SHA1withRSA, SHA256withRSA & SHA512withRSA


As you can see, sha256NoSign is not in this list.


To resolve the issue, use a supported signature algorithm, as listed in the documentation:


Encryption and Decryption Algorithms
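A pre-import check along these lines, as an added example (not from the original article or the product documentation): it reads the certificate's signature algorithm with `openssl x509` and compares it with the four supported algorithms listed above. The function names are hypothetical, and the mapping from OpenSSL's algorithm names to the names in that list is an assumption of this example.

```shell
#!/bin/sh
# Added example: check a certificate's signature algorithm before importing it.
# Function names are hypothetical; the name mapping below is an assumption.

# Map the name OpenSSL prints to the name used in the supported list.
# Prints the mapped name and returns 0 if supported, returns 1 otherwise.
map_sigalg() {
  case "$1" in
    md5WithRSAEncryption)    echo "MD5withRSA" ;;
    sha1WithRSAEncryption)   echo "SHA1withRSA" ;;
    sha256WithRSAEncryption) echo "SHA256withRSA" ;;
    sha512WithRSAEncryption) echo "SHA512withRSA" ;;
    *) return 1 ;;
  esac
}

# Print the signature algorithm of a PEM or DER certificate file.
# Prints nothing if the file cannot be parsed as a certificate.
cert_sigalg() {
  sig_form=PEM
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || sig_form=DER
  openssl x509 -in "$1" -inform "$sig_form" -noout -text 2>/dev/null |
    awk -F': *' '/Signature Algorithm:/ { print $2; exit }'
}

# Report OK / UNSUPPORTED / UNREADABLE for one certificate file.
# Return codes: 0 supported, 1 unsupported algorithm, 2 not a readable certificate.
check_cert() {
  chk_alg=$(cert_sigalg "$1")
  if [ -z "$chk_alg" ]; then
    echo "UNREADABLE $1"
    return 2
  fi
  if chk_name=$(map_sigalg "$chk_alg"); then
    echo "OK $chk_name"
  else
    echo "UNSUPPORTED $chk_alg"
    return 1
  fi
}

# Usage: sh check_sigalg.sh /path/to/certificate
if [ "$#" -gt 0 ]; then
  check_cert "$1"
fi
```

A certificate that reports `UNSUPPORTED` needs to be reissued with one of the supported algorithms before the import is attempted.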


