05-09-2013 07:20 AM - edited 03-10-2019 08:24 PM
Hi
I am trying EAP-TLS authentication on ACS 5.1.
I have placed the Root CA of the device certificate on ACS.
But getting this error.
OpenSSLErrorMessage=SSL alert
code=0x233=563 ; source=local ; type=fatal ; message="X509 decrypt error - certificate signature failure"
OpenSSLErrorStack= 3055889312:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2649
Can anyone help in debugging the issue? Is it a problem with the device's root CA certificate or anything else?
Thanks
05-09-2013 07:29 AM
Only SHA2 256-bit certificate digest algorithm is supported by ACS 5.2 and above.
Jatin Katyal
- Do rate helpful posts -
05-09-2013 07:30 AM
Hi Smita,
Similar post but with ISE:
https://supportforums.cisco.com/thread/2135392
Are we using SHA 2 certs anywhere here?
ACS 5.2 supports SHA 256.
Rate if useful
05-09-2013 07:52 PM
Thanks for your prompt help.
The root CA certificates are using SHA256. I also searched and found that this error could be because of using SHA256.
Thanks for reply and confirming.
05-10-2013 07:42 AM
You're welcome! Please upgrade the ACS to the latest code, if you have that option available.
Jatin Katyal
- Do rate helpful posts -