It's all about the answers!

Ask a question

Which SHA* Certificate Algorithms are supported by RTC?

Corey Jacobs (641937) | asked Oct 06 '15, 7:54 p.m.
I'm using JTS/RTC/RQM 4.0.7 with Tomcat 7.0.61 installed on Windows 2008 Server R2 Enterprise VM.  
I'm receiving failing scans with the certificate due to SHA1withRSA algorithm being used.  The failing scan complains: The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). 

I made a CSR through ikeyman on the Windows Server machine, with SHA256withRSA and 2048 for key size.  I used the IBM Internal CA for my certificates.   I successfully receive the DER/JKS/cert files and import them through ikeyman.  I also made sure to update the tomcat\conf\server.xml file to  point to this new jks file.  However when starting up the Rational Applications and going to the urls, I have problems with the apps with both firefox & chrome:
An error occurred during a connection to jts:9446. Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type)

Does JTS/RTC/RQM support SHA256withRSA algorithm for certificates?  If not would any of the following (SHA2WithECDSA, SHA3WithECDSA,,SHA5WithECDSA, SHA284WithRSA, SHA512WithRSA) work?  I can also list the ciphers used in server.xml file if need be as well.

Accepted answer

permanent link
Donald Nong (14.4k314) | answered Oct 07 '15, 2:42 a.m.
That should be a Tomcat issue rather than CLM. The error occurred when your browser tried to established an SSL connection with the Tomcat server, so the direction of your research should be a bit different. It may be similar to this:

If in the jts.log or ccm.log file, you see connection errors that they cannot connect to each other, then the problem lies in the product itself.
Corey Jacobs selected this answer as the correct answer

Your answer

Register or to post your answer.