KB Article #178899
SSH keys are incorrectly imported with MD5withRSA signature algorithm
Problem
After importing an SSH public key into SecureTransport 5.2.1 SP9, the key is recorded with the MD5withRSA signature algorithm instead of SHA256withRSA.
As a result, the newly imported key is reported as "Not chained to a trusted root" when it is checked, and SSH users cannot log in with the corresponding private keys.
Resolution
Both the "Not chained to a trusted root" message and the failed logins are caused by the MD5 algorithm being disabled, as a security precaution, in the JRE bundled with SecureTransport: a key whose signature algorithm is recorded as MD5withRSA cannot be validated while MD5 is on the disabled list. The scenario is similar to the one described in KB 177934.
Until a permanent fix is provided with a Patch or a Service Pack, the MD5 signature algorithm can be re-enabled as an allowed algorithm. Note that this relaxes the JRE's algorithm restrictions for everything that JRE validates (certificates, TLS and signed JARs, not only SSH keys) and MD5 is no longer considered collision resistant, so treat it as a temporary workaround and restore the original java.security file once the fix has been applied. To apply the workaround, follow these steps on all SecureTransport servers:
1. Navigate to the $FILEDRIVEHOME/jre/lib/security folder.
2. Take a backup of the java.security file.
3. Edit the original file and remove the MD5withRSA and MD5 entries from the jdk.*.disabledAlgorithms properties (for example jdk.certpath.disabledAlgorithms and jdk.tls.disabledAlgorithms). Remove only those entries and keep the rest of each comma-separated list; mentions of MD5 in comment lines can be left alone.
4. Save the file and restart all ST services on that server.
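The following script is an added example of steps 1 to 4 above; it is not Axway's own tooling. It assumes $FILEDRIVEHOME points at the SecureTransport install root, as in this article, and that java.security lists disabled algorithms as comma-separated entries in jdk.*.disabledAlgorithms properties, possibly continued over several lines with a trailing backslash, as the standard JDK file does. Run it without arguments for a dry run against a constructed sample file (not the real ST file), or with --apply to back up and rewrite the live file.

```shell
#!/bin/sh
# Added example (not Axway's own tooling): scripted form of KB steps 1-4.
# Assumes $FILEDRIVEHOME is the SecureTransport install root and that
# java.security uses the standard jdk.*.disabledAlgorithms layout.
set -e

# Copy $1 to $2, removing the whole entries "MD5" and "MD5withRSA" from every
# jdk.*.disabledAlgorithms property. A property continued over several lines
# is first joined into one logical line, so an entry is never matched across
# a line break. Entries are compared whole, so "MD2", "SHA1 ..." and
# "SHA256withRSA" are untouched and "MD5" does not clip "MD5withRSA".
# Comment lines and all other properties are copied verbatim.
strip_md5_from_disabled_algorithms() {
    awk '
        function emit(line,    key, val, parts, n, i, k, kept) {
            key = line; sub(/=.*/, "", key)
            val = line; sub(/^[^=]*=/, "", val)
            n = split(val, parts, ",")
            kept = ""
            for (i = 1; i <= n; i++) {
                k = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", k)
                if (k == "" || k == "MD5" || k == "MD5withRSA") continue
                kept = (kept == "") ? k : kept ", " k
            }
            print key "=" kept
        }
        /^[ \t]*jdk\.[A-Za-z.]*disabledAlgorithms[ \t]*=/ { inprop = 1; buf = "" }
        inprop {
            line = $0
            if (line ~ /\\[ \t]*$/) {       # value continues on the next line
                sub(/\\[ \t]*$/, "", line)
                buf = buf line
                next
            }
            emit(buf line)
            inprop = 0
            next
        }
        { print }                            # everything else is kept as is
    ' "$1" > "$2"
}

# KB steps 1-4 on the live file: back it up, rewrite it in place (keeping
# its owner and mode), and remind the operator to restart the ST services.
reenable_md5() {
    f="${FILEDRIVEHOME:?set FILEDRIVEHOME to the SecureTransport install root}/jre/lib/security/java.security"
    cp -p "$f" "$f.$(date +%Y%m%d-%H%M%S).bak"
    strip_md5_from_disabled_algorithms "$f" "$f.tmp"
    cat "$f.tmp" > "$f"
    rm -f "$f.tmp"
    echo "updated $f; now restart all SecureTransport services on this host"
}

# Constructed excerpt in the style of a JDK 8 java.security (not a copy of
# the SecureTransport file), used to exercise the rewrite safely.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not the real file
security.provider.1=sun.security.provider.Sun
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
    RSA keySize < 1024, DSA keySize < 1024
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224
#jdk.tls.disabledAlgorithms=MD5withRSA
EOF
}

# Dry run: show what the rewrite changes in the sample.
demo() {
    d=$(mktemp -d)
    write_sample "$d/java.security"
    strip_md5_from_disabled_algorithms "$d/java.security" "$d/java.security.new"
    diff "$d/java.security" "$d/java.security.new" || true
    rm -rf "$d"
}

case "${1:-}" in
    --apply) reenable_md5 ;;
    *)       demo ;;
esac
```

The rewrite joins a continued property onto one line, which java.security accepts; the backup taken by reenable_md5 is what to restore once the Patch or Service Pack is installed.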