Cisco ACS 5.3 .pem file parse error in Win2003 CA

michael mearlon
Level 1

I continue to export a Certificate Signing Request for our local CA.  They insist they are getting a parsing error (Invalid algorithm specified) when they cut and paste or import the file I send them.  In fact, they have stated that they have had this error with another Linux-based CSR.

I'm not finding this issue prevalent on the Internet, so I wonder if this is a user issue on their behalf or the fact that they are using a Win2003 box as a local CA.

Can anyone assist as to how to get a Cisco ACS ".pem" file signed in a local Win2003 CA or advise on an alternative to configuring 802.1x using EAP-TLS?

3 Replies

camejia
Level 3

Hello Michael,

Which specific CN format are you using when generating the CSR? Can you share it?

It is a common scenario to use a Windows Server 2003 in-house CA for signing ACS and client certificates for EAP-TLS. If possible, can you share the .pem file you saved from the ACS CSR as well?

I would like to try signing it with my lab Windows Server 2003 CA and see how that goes.

Regards.

Sorry Carlos,

My ISO stated that he did not want the risk. So I cannot send you any file.  I can tell you that I was using the SHA256 option for hashing and Windows 2003 did not like it.  According to what I found on Microsoft’s Technet, Windows 2003 does not support SHA256.  I then recreated another CSR in SHA1 (available option from ACS 5.3) and this time the CA kicked out a .der certificate.

Thank you,

Michael Mearlon

Network Operations Bureau

CDSS - Information Systems Division

Hello Michael,

Thanks for the confirmation and I will keep it in mind.

Best regards.