Unisphere for PowerMax: Configuring LDAP-SSL gives error as "Invalid SSL Certificate Error Certificates do not conform to algorithm constraints"
Summary: Configuring LDAP-SSL in Unsiphere for PowerMax 9.1, fails with error message "Invalid SSL Certificate Error Certificates do not conform to algorithm constraints"
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Errors in smas.log:
Line 160196: Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: 1.2.840.113549.1.1.10 Line 160196: Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: 1.2.840.113549.1.1.10 Line 160201: 2021-09-01 09:45:37,324 ERROR [em.bp.SECURITY] (default task-57) com.emc.em.sage.usermgmt.AuthenticationConfigCommandProcessor.processValidateLdapConfigCommand:Failed to update LDAP value: com.emc.em.common.security.ldap.LdapConfigurationException: Invalid SSL Certificate Error Certificates do not conform to algorithm constraints
Cause
The signature algorithm used was RSASSA-PSS which is NOT supported.
The ID in the error message 1.2.840.113549.1.1.10 confirms that the signature algorithm is RSASSA-PSS
The ID in the error message 1.2.840.113549.1.1.10 confirms that the signature algorithm is RSASSA-PSS
Resolution
Customer must change the algorithm to supported algorithm (SHA256) and renew the certificate.
After renewing the certificate with the supported algorithm, LDAP-SSL can be configured successfully.
After renewing the certificate with the supported algorithm, LDAP-SSL can be configured successfully.
Affected Products
Unisphere for PowerMaxArticle Properties
Article Number: 000191548
Article Type: Solution
Last Modified: 12 Oct 2022
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.