Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1779
Views
4
Helpful
7
Replies

ACS 5.5 and Certificate Validation Error: Certificate binding failed. No matching signing request found.

Filip Po
Level 1
Level 1

‎11-23-2016 08:27 AM - edited ‎03-11-2019 12:15 AM

Dear Community,

I generate Sign Request, than sign it on CA.

Then try to upload it back but error arrise: Certificate Validation Error: 'Certificate binding failed. No matching signing request found.'

I used ACS 5.5.0.47 Patch 7.

Did anyone went through this error?

I tried use another CA, but the result is the same.

I already checked validity of CA cert.

Thank you.

Kind regards, 

Filip

Labels:
0 Helpful
7 Replies 7

Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎11-23-2016 11:48 AM

Hi Filip,

When you say you have checked the validity of cert, how did you check it?

You can check here if CSR and certificate are a match:

https://www.sslshopper.com/certificate-key-matcher.html

If yes, what is the format of the certificate that you are  trying to upload? Supported formats are cer, der and pem.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Filip Po
Level 1
Level 1
In response to Kanwaljeet Singh

‎11-23-2016 02:39 PM

I checked certificate of CA if is still valid on ACS.

Thank you for link, for test purpose looks well.

I use .cer format.

0 Helpful

Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to Filip Po

‎11-23-2016 02:47 PM

Hi Filip,

You are welcome!

So when you check certificate (identity) as well as the CSR in the link provided, does it match fine?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful

Filip Po
Level 1
Level 1
In response to Kanwaljeet Singh

‎11-23-2016 02:48 PM

Here is positive results.

0 Helpful

Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to Filip Po

‎11-23-2016 02:59 PM

Hi Filip,

So you go to "outstanding signing requests" and you see the same CSR, and then when you go here "System Administration >     Configuration >     Local Server Certificates >     Local Certificates  >     Create" ,  you select " Bind CA certificate", browse and you get the error, corrrect?

Is it possible to share the certificate?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful

Filip Po
Level 1
Level 1
In response to Kanwaljeet Singh

‎11-23-2016 03:21 PM

Yes correct I used Bind CA certificate.

I opened TAC case recently. By me it is than internal issue of ACS.

0 Helpful

Filip Po
Level 1
Level 1

‎11-24-2016 12:30 AM

Here is the soluton: There should be only one CSR in the list! Then it worked and ACS bind CA ussued certificate to CSR.

There is no information in documentation or release notes that I have to have only one CSR in the list under System Administration > Configuration > Local Server Certificates > Outstanding Signing Requests at the time when I try to bind CA signed certificate.

  1. Delete the all old CSR.
  2. Please try generating another CSR. Ensure you see the CSR in Outstanding Signing Requests. Generate the certificate for this and try binding the new certificate again.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents