Re: Cisco ACS 5.3 .pem file parse error in Win2003 CA

michael mearlon · ‎02-01-2012

I continue to export a Certificate Signing Request for our local CA. They insist they are getting a parsing error (Invalid algorithm specified) when they cut and past or import the file I send them. In fact, they have stated that they have had this error with another Linux-based CSR.

I'm not find this issue prevalent on the Internet, so I wonder is this if a user issue on their behalf or the fact that they are using a Win2003 box as a local CA.

Can anyone assist as to how to get a Cisco ACS ".pem" file signed in a local Win2003 CA or advise to an alternative to configuring 802.1x using EAP-TLS?

camejia · ‎02-01-2012

Hello Michael,

Which specific CN format are you using when generating the CSR? Can you share it?

It is a common scenario to use Windows Server 2003 In-house CA signing ACS and Client certificates for EAP-TLS. If possible can you share the .pem file you saved from the ACS CSR as well?

I would like to try signing it with my lab Windows Server 2003 CA and see how that goes.

Regards.

michael mearlon · ‎02-01-2012

Sorry Carlos,

My ISO stated that he did not want the risk. So I cannot send you any file. I can tell you that I was using the SHA256 option for hashing and Windows 2003 did not like it. According to what I found on Microsoft’s Technet, Windows 2003 does not support SHA256. I then recreated another CSR in SHA1 (available option from ACS 5.3) and this time the CA kicked out a .der certificate.

Thank you,

Michael Mearlon

Network Operations Bureau

CDSS - Information Systems Division

camejia · ‎02-01-2012

Hello Michael,

Thanks for the confirmation and I will keep it in mind.

Best regards.