Symptom
Unable to delete any certificate from Administration > System > Certificate Management > Trusted Certificates. The operation fails with:
Internal error. Ask your system administrator to check the logs for more details.
ise-psc.log:
2024-01-26 06:44:11,491 INFO [admin-http-pool3][[]] cpm.infrastructure.certmgmt.util.CertificateAuthorityUtil -:admin::deleteCertFromStore:- :::-CertFlow-:::- Checking if the selected trust certificate is issuer for any other certificate
2024-01-26 06:44:11,589 ERROR [admin-http-pool3][[]] cpm.infrastructure.certmgmt.util.CertMgmtUtils -:admin::deleteCertFromStore:- Failed to parse certificate.
java.security.NoSuchAlgorithmException: no such algorithm: SHA256withECDSA for provider BCFIPS
at sun.security.jca.GetInstance.getService(GetInstance.java:101) ~[?:1.8.0_292]
2024-01-26 06:44:11,590 ERROR [admin-http-pool3][[]] admin.caservice.certmgmt.action.TrustedCertificatesAction -:admin::deleteCertFromStore:- java.security.NoSuchAlgorithmException: no such algorithm: SHA256withECDSA for provider BCFIPS
com.cisco.cpm.infrastructure.certmgmt.api.CertMgmtException: java.security.NoSuchAlgorithmException: no such algorithm: SHA256withECDSA for provider BCFIPS
at com.cisco.cpm.infrastructure.certmgmt.util.CertMgmtUtils.isIssuingCert(CertMgmtUtils.java:792) ~[certmgmt-3.2.0-542.jar:?]
ref. CSCwc20000
Conditions
ISE 3.2 patch 4
Imported ECDSA Certificates in Trust Store
Workaround
Export the trusted certificates via OpenAPI and filter on signatureAlgorithm (any value containing ECDSA).
Remove the matching certificates via SQL from UPSTRUSTCERTIFICATE and UPSTRUSTCERTIFICATE_ISEROLES based on ID.
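
The filtering step of the workaround, as an added example (not Cisco code and not part of the original note): it reads the exported trusted-certificate JSON and returns the IDs of every entry whose signatureAlgorithm contains ECDSA. The "response" wrapper, the "id" and "friendlyName" field names, and all sample values are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like an export of the trusted certificates from the
# ISE OpenAPI. The "response" wrapper and every field name other than
# signatureAlgorithm are assumptions; all values are made up.
SAMPLE_EXPORT = """
{"response": [
  {"id": "11111111-aaaa-4bbb-8ccc-000000000001", "friendlyName": "Example RSA Root",
   "signatureAlgorithm": "SHA256withRSA"},
  {"id": "11111111-aaaa-4bbb-8ccc-000000000002", "friendlyName": "Example EC Root",
   "signatureAlgorithm": "SHA256withECDSA"},
  {"id": "11111111-aaaa-4bbb-8ccc-000000000003", "friendlyName": "Example EC Sub CA",
   "signatureAlgorithm": "sha384WithECDSA"},
  {"id": "11111111-aaaa-4bbb-8ccc-000000000004", "friendlyName": "No algorithm field"}
]}
"""


def ecdsa_trusted_certs(pages):
    """Return (id, friendlyName, signatureAlgorithm) for each ECDSA-signed entry.

    `pages` is an iterable of JSON strings, one per exported page, so a
    paginated export can be passed in without merging it first.
    """
    seen, hits = set(), []
    for page in pages:
        doc = json.loads(page)
        # Accept either a bare list or a list wrapped in "response".
        entries = doc.get("response", []) if isinstance(doc, dict) else doc
        for cert in entries:
            alg = str(cert.get("signatureAlgorithm") or "")
            cert_id = cert.get("id")
            # Case-insensitive substring match: SHA256withECDSA, SHA384withECDSA, ...
            # Entries without an id or already reported are skipped.
            if "ecdsa" not in alg.lower() or not cert_id or cert_id in seen:
                continue
            seen.add(cert_id)
            hits.append((cert_id, cert.get("friendlyName", ""), alg))
    return hits


if __name__ == "__main__":
    for cert_id, name, alg in ecdsa_trusted_certs([SAMPLE_EXPORT]):
        print(f"{cert_id}\t{alg}\t{name}")
```

The returned IDs are the values to match against UPSTRUSTCERTIFICATE and UPSTRUSTCERTIFICATE_ISEROLES in the SQL step.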