Forum Discussion
daboochmeister
Dec 30, 2014Cirrus
I was hoping to come back and confirm that 11.5 handles RSASSA-PSS, Kevin, but unfortunately I didn't have a chance - before we upgraded to 11.5.1, we had to rebuild our CA chain (and reissue certs across the board) using sha256, because of other devices (Cisco ISEs, etc.) that clearly documented that they wouldn't handle RSASSA-PSS. If anyone reading this knows for sure that RSASSA-PSS is supported at 11.5 or later, pls confirm so!
- boneyardJan 14, 2015MVPi wouldn't mind checking but i seem unable to generate such a certificate with openssl or xca, if you can provide me one or explain how to create it i can have a look.
- daboochmeisterJan 14, 2015CirrusSorry, boneyard, appreciate it, but we tore down our CA that used RSASSA-PSS ... apparently, a Windows CA burns in the algorithm to be used and you can't change it from the default request by request (which seems weird to me, but that's what I'm being told).
- candcJul 18, 2016Cirrus
Still definitely an issue for me on 12.0.0
- boneyardJul 18, 2016MVP
can you guide me in how to create such a certificate candcgroup, it like to give it a try.