Hello fellow mappers!
I'm having an issue with Portal/Server (10.5.1) federation validation when using certificates signed with the RSASSA-PSS (SHA1withRSAandMGF1) signature algorithm.
The certificates along with root and intermediate certificates installed fine, so no problems there.
The system operates within a Windows Domain so i'm assuming that it's an MS CA doing the signing.
The error i'm receiving when validating is the following:
Error: javax.net.ssl.SSLHanshakeException: java.security.cert.CertificateException: Certificate does not conform to algorithm constraints
I believe this is causing some other issues relating to CPU flooding from the javaw.exe process over time, causing the Portal server to become unresponsive as well as not being able to contact the ArcGIS DataStore due to the issues validating the hosting server.
So I've got two questions:
- Does anyone know when Java/Esri will support the above algorithm constraints?
- Is it possible for the CA to "simply" sign the CSR with a supported algorithm to establish normal operations?