Hi everyone, I'm currently having issues testing OCSP servers for certificate validation on ACS 5.4. Server team claims everything is fine on their side, but all attempts result in the following error:
12562 OCSP server response is invalid
I've already...
Dear all, I'm currently evaluating a scenario where AAA requests are load balanced across multiple ACS 5.3 instances. The application delivery controller runs in L3 mode, which naturally causes the original packet's source IP address to be replaced by ...
Hi,
In my case it turned out that the OCSP responder URL was incorrect. In fact I was missing the /ocsp suffix.
ACS logs can be somewhat ambiguous, so best try to query the OCSP responder with openssl and look for any hints in the response: openssl oc...
Hi, basically what happens is that the maximum EAP packet size for communication between client and RADIUS server is negotiated. Therefore, in your case the switch notifies NPS that the client is capable of handling packets up to 9000 bytes in size. EA...
Hi Sergey, thanks for the hint with the OpenSSL utility. Apparently there seems to be an issue with our OCSP responders:
30545:error:27070072:OCSP routines:OCSP_sendreq_bio:server response error:ocsp_ht.c:147:Code=405,Reason=Method Not Allowed
After some...
Hi Tarik, Your assumption was perfectly right. Setting the logging level for runtime-crypto to debug did the trick. Following this, I've got one more question. The debug output contains a reference to another log file named 'customer log' containing mo...
Hi Tarik, thanks for your reply. Unfortunately we haven't had a successful attempt so far, meaning that the cache is empty. Nonetheless, I've tried to clear it, but to no avail. The exact log message sequence is as follows: 12568 Lookup user certificate...