NetScaler-14.1-LDAP authentication with SSL port 636 fails after upgrading from NetScaler 13.1 to 14.1-47.46

Article ID: CTX694822

Description

LDAP authentication over SSL (port 636) fails after upgrading from NetScaler 13.1 to 14.1-47.46. After downgrading NetScaler back to 13.1, it works again.

Cause

In 13.1, the Signature Hash Algorithms list (the TLS signature_algorithms extension) in the Client Hello sent by NetScaler contains rsa_pkcs1_sha1.

However, after upgrading to NetScaler 14.1-47.46, the Signature Hash Algorithms list in the Client Hello sent by NetScaler no longer contains rsa_pkcs1_sha1. In this situation, if the LDAP server certificate is signed with SHA-1 as its signature hash algorithm, the SSL handshake fails.

Resolution

SHA-1 is deprecated as a certificate signature algorithm. Resolve the issue by replacing the certificate on the LDAP server with one signed using SHA-256 or stronger.
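As an added check that is not part of this article, the following script reads the outer signatureAlgorithm OID from a DER certificate so you can audit LDAP server certificates for SHA-1 signatures before upgrading; the `check_ldaps_server` helper, the OID set and the sample DER blob are assumptions constructed for illustration, not NetScaler or Citrix code.

```python
import ssl

# Signature-algorithm OIDs that mean the certificate is SHA-1 signed (assumed set; extend as needed)
SHA1_SIG_OIDS = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
                 "1.2.840.10045.4.1": "ecdsa-with-SHA1"}

def _tlv(buf, pos):
    """Decode one DER tag/length at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: next N bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _decode_oid(raw):
    """Turn OBJECT IDENTIFIER content bytes into dotted form."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_oid(der_cert):
    """OID of Certificate.signatureAlgorithm, i.e. what the issuing CA signed with."""
    tag, pos, _ = _tlv(der_cert, 0)                 # Certificate ::= SEQUENCE {
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = _tlv(der_cert, pos)             #   tbsCertificate (skipped)
    _, alg_start, _ = _tlv(der_cert, tbs_end)       #   signatureAlgorithm ::= SEQUENCE {
    tag, oid_start, oid_end = _tlv(der_cert, alg_start)  # algorithm OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return _decode_oid(der_cert[oid_start:oid_end])

def is_sha1_signed(der_cert):
    return signature_oid(der_cert) in SHA1_SIG_OIDS

def check_ldaps_server(host, port=636):
    """Fetch the LDAPS leaf certificate and report (oid, sha1_signed). Needs network access."""
    der = ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))
    return signature_oid(der), is_sha1_signed(der)

# Constructed minimal certificate-shaped DER (not a real cert): SEQUENCE { tbs, sha1WithRSA, sig }
SAMPLE_SHA1_DER = bytes.fromhex("3018" "3003020102" "300d06092a864886f70d0101050500" "03020000")

if __name__ == "__main__":
    print(signature_oid(SAMPLE_SHA1_DER), is_sha1_signed(SAMPLE_SHA1_DER))  # 1.2.840.113549.1.1.5 True
```

`ssl.get_server_certificate` returns only the leaf certificate; check any intermediate CA certificates in the chain the same way, since a SHA-1 signature anywhere in the chain has the same effect.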

Issue/Introduction

LDAP authentication over SSL (port 636) fails after upgrading from NetScaler 13.1 to 14.1-47.46.