Question

SSL cert Prism Central issue

  • 17 July 2023
  • 5 replies
  • 802 views

I receive the following error when trying to use a public signed cert in Prism Central:

Unsupported signature algorithm detected on one or more certificates in CA chain. Please refer to the FIPS 140-2 documentation for more information.

 

I did the same for Prism Element a few days ago and that went fine. Followed the exact same steps (minus the FQDN of course) for Central but this throws an error. What's the difference between the 2?



Userlevel 6
Badge +8

How did you create the keypair? It should be one of these:

| Key Type | Size/Curve | Signature Algorithm |
|---|---|---|
| RSA | 2048 | SHA256-with-RSAEncryption |
| EC DSA 256 | prime256v1 | ecdsa-with-sha256 |
| EC DSA 384 | secp384r1 | ecdsa-with-sha384 |
| EC DSA 521 | secp521r1 | ecdsa-with-sha512 |

More info here: https://next.nutanix.com/ncm-intelligent-operations-formerly-prism-pro-ultimate-26/let-s-not-break-the-trust-ssl-certificates-most-things-you-wanted-to-know-37066

RSA-2048, using openssl. I actually did 4096 first because that's our default and that's what worked in Prism Element. I've switched back to 2048 and it throws the same error.

Userlevel 6
Badge +8

> RSA-2048, using openssl. I actually did 4096 first because that's our default and that's what worked in Prism Element. I've switched back to 2048 and it throws the same error.

If you change the keypair from 4K back to 2K you need to recreate the certificate. 

> > RSA-2048, using openssl. I actually did 4096 first because that's our default and that's what worked in Prism Element. I've switched back to 2048 and it throws the same error.
>
> If you change the keypair from 4K back to 2K you need to recreate the certificate.

Right and I did that. If you don't it spits out a different error message.

Badge

I’m running into the same problem as the OP with Prism Central throwing that error. I generated the CSRs on my Linux workstation per the instructions in Nutanix KB 4978 (therefore using the openssl command and RSA2048 for the key) and submitted them to our MS PKI to generate the certificates for our cluster Prism Element and our Prism Central VM. Importing the cert/key/chain for our cluster Prism Element was successful. Importing the cert/key/chain for Prism Central failed with the error the OP mentioned.