I continue to export a Certificate Signing Request for our local CA. They insist they are getting a parsing error (Invalid algorithm specified) when they cut and past or import the file I send them. In fact, they have stated that they have had this error with another Linux-based CSR.
I'm not find this issue prevalent on the Internet, so I wonder is this if a user issue on their behalf or the fact that they are using a Win2003 box as a local CA.
Can anyone assist as to how to get a Cisco ACS ".pem" file signed in a local Win2003 CA or advise to an alternative to configuring 802.1x using EAP-TLS?
Which specific CN format are you using when generating the CSR? Can you share it?
It is a common scenario to use Windows Server 2003 In-house CA signing ACS and Client certificates for EAP-TLS. If possible can you share the .pem file you saved from the ACS CSR as well?
I would like to try signing it with my lab Windows Server 2003 CA and see how that goes.
My ISO stated that he did not want the risk. So I cannot send you any file. I can tell you that I was using the SHA256 option for hashing and Windows 2003 did not like it. According to what I found on Microsoft’s Technet, Windows 2003 does not support SHA256. I then recreated another CSR in SHA1 (available option from ACS 5.3) and this time the CA kicked out a .der certificate.
Network Operations Bureau
CDSS - Information Systems Division