02-26-2013 05:35 AM - edited 03-10-2019 08:08 PM
For some reason i can't get access anymore to the web interface of our ACS 5.3 appliance.
Where i used to get a certificate warning first, and after that the ACS5 login screen, i now get totally no response anymore in my IE browser.
I can telnet to port 443 of the unit however. And i (fortunately) still have ssh access to the unit. So i did a reload (sorry, microsoft habits) but that did'nt solve anything.
https access to other systems from the same browser is functioning fine
=================================
admin# sh ver
Cisco Application Deployment Engine OS Release: 1.2
ADE-OS Build Version: 1.2.0.228
ADE-OS System Architecture: i386
Copyright (c) 2005-2009 by Cisco Systems, Inc.
All rights reserved.
Hostname: <deleted>
Version information of installed applications
---------------------------------------------
Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.3.0.40.8
Internal Build ID : B.839
Patches :
5-3-0-40-5
5-3-0-40-8
=================================
Solved! Go to Solution.
02-26-2013 06:01 AM
What version of IE are you using? Newer version of IE will not allow you to open secure pages that have less cipher strength.
Have you tried any other browser? In case it works fine with firefox or google chrome the please follow the below listed steps:
There might be a possibility that you downloaded and applied some windows update on your machine and that might have changed the cipher strength of minRSAPubKeyBitLength REG_DWORD from 512 to some higher value.
The below listed command will set the windows registry back to 512
Go to PC from where you are accessing ACS > Start > run > cmd > run the below listed command
C:\Users\Employees>certutil -setreg chain\minRSAPubKeyBitLength 512
Once you're done, try again and let us know.
Jatin Katyal
Regards,
- Do rate helpful posts -
02-26-2013 06:01 AM
What version of IE are you using? Newer version of IE will not allow you to open secure pages that have less cipher strength.
Have you tried any other browser? In case it works fine with firefox or google chrome the please follow the below listed steps:
There might be a possibility that you downloaded and applied some windows update on your machine and that might have changed the cipher strength of minRSAPubKeyBitLength REG_DWORD from 512 to some higher value.
The below listed command will set the windows registry back to 512
Go to PC from where you are accessing ACS > Start > run > cmd > run the below listed command
C:\Users\Employees>certutil -setreg chain\minRSAPubKeyBitLength 512
Once you're done, try again and let us know.
Jatin Katyal
Regards,
- Do rate helpful posts -
02-26-2013 07:43 AM
Thanks - after installing firefox i can get https access to our box again.
I used IE8 so far. The certutil utility does not seem to work due to a rights issue.
02-26-2013 08:26 AM
Good to see that.
Jatin Katyal
- Do rate helpful posts -
03-06-2013 05:35 AM
Our issue is solved (or workaround) by using Firefox.
But can we also install a 1024 of 2048bit keylength certificate on the ACS?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide