Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1059
Views
5
Helpful
4
Replies

ACS5.3: https access stopped working

Go to solution
joopv
Level 1
Level 1

‎02-26-2013 05:35 AM - edited ‎03-10-2019 08:08 PM

For some reason i can't get access anymore to the web interface of our ACS 5.3 appliance.

Where i used to get a certificate warning first, and after that the ACS5 login screen, i now get totally no response anymore in my IE browser.

I can telnet to port 443 of the unit however.  And i (fortunately) still have ssh access to the unit.  So i did a reload (sorry, microsoft habits) but that did'nt solve anything.

https access to other systems from the same browser is functioning fine

=================================

admin# sh ver

Cisco Application Deployment Engine OS Release: 1.2
ADE-OS Build Version: 1.2.0.228
ADE-OS System Architecture: i386

Copyright (c) 2005-2009 by Cisco Systems, Inc.
All rights reserved.
Hostname: <deleted>


Version information of installed applications
---------------------------------------------


Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.3.0.40.8
Internal Build ID : B.839
Patches :
5-3-0-40-5
5-3-0-40-8

=================================

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎02-26-2013 06:01 AM

What version of IE are you using? Newer version of IE will not allow you to open secure pages that have less cipher strength.

Have you tried any other browser? In case it works fine with firefox or google chrome the please follow the below listed steps:

There might be a possibility that you downloaded and applied some       windows update on your machine and that might have changed the       cipher strength of minRSAPubKeyBitLength REG_DWORD from 512 to       some higher value.

The below listed command will set the windows registry back to 512

Go to PC from where you are accessing ACS > Start > run >       cmd > run the below listed command

C:\Users\Employees>certutil -setreg chain\minRSAPubKeyBitLength       512

Once you're done, try again and let us know.

Jatin Katyal
Regards,

- Do rate helpful posts -

~Jatin

View solution in original post

4 Replies 4

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎02-26-2013 06:01 AM

What version of IE are you using? Newer version of IE will not allow you to open secure pages that have less cipher strength.

Have you tried any other browser? In case it works fine with firefox or google chrome the please follow the below listed steps:

There might be a possibility that you downloaded and applied some       windows update on your machine and that might have changed the       cipher strength of minRSAPubKeyBitLength REG_DWORD from 512 to       some higher value.

The below listed command will set the windows registry back to 512

Go to PC from where you are accessing ACS > Start > run >       cmd > run the below listed command

C:\Users\Employees>certutil -setreg chain\minRSAPubKeyBitLength       512

Once you're done, try again and let us know.

Jatin Katyal
Regards,

- Do rate helpful posts -

~Jatin

Go to solution
joopv
Level 1
Level 1
In response to Jatin Katyal

‎02-26-2013 07:43 AM

Thanks - after installing firefox i can get https access to our box again.

I used IE8 so far.  The certutil utility does not seem to work due to a rights issue.

0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee
In response to joopv

‎02-26-2013 08:26 AM

Good to see that.

Jatin Katyal


- Do rate helpful posts -

~Jatin
0 Helpful

Go to solution
joopv
Level 1
Level 1
In response to Jatin Katyal

‎03-06-2013 05:35 AM

Our issue is solved (or workaround) by using Firefox.

But can we also install a 1024 of 2048bit keylength certificate on the ACS?

0 Helpful
Customers Also Viewed These Support Documents