Client authentication with ECC certificate failing

Article ID: CTX231492

Description

Client certificate authentication fails when the client certificate contains an ECC public key.

Resolution

Replace the bound CA certificate with a certificate that has a matching public key type.

Problem Cause

The public key type of the bound CA certificate must match that of the client certificate. If the client certificate is ECC, the CA certificate must also be ECC.
If the CA certificate's public key is RSA, for example, you will see this counter incrementing: ssl_err_cvm_cmd_ecdsa_sig_mismatch
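
A pre-bind check for the mismatch described above, as an added example that is not part of the Citrix article: it uses the OpenSSL command line to compare the public key type of a client certificate with that of the CA certificate. The function names and the throwaway self-signed certificates are constructed for illustration; the check reads only the key type and does not verify the certificate chain.

```shell
#!/bin/sh
# Added example (not Citrix code): compare the public key type of a client
# certificate with that of the CA certificate before binding the CA.

# Print "ECC", "RSA", or the raw OpenSSL algorithm name for a PEM certificate.
cert_key_type() {
    alg=$(openssl x509 -in "$1" -noout -text 2>/dev/null |
          sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    case "$alg" in
        id-ecPublicKey) echo ECC ;;
        rsaEncryption)  echo RSA ;;
        "")             return 1 ;;   # unreadable or not a certificate
        *)              echo "$alg" ;;
    esac
}

# Usage: check_ca_matches_client CLIENT.pem CA.pem
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
check_ca_matches_client() {
    client_type=$(cert_key_type "$1") || { echo "cannot parse $1" >&2; return 2; }
    ca_type=$(cert_key_type "$2")     || { echo "cannot parse $2" >&2; return 2; }
    if [ "$client_type" = "$ca_type" ]; then
        echo "OK: client=$client_type ca=$ca_type"
        return 0
    fi
    echo "MISMATCH: client=$client_type ca=$ca_type"
    return 1
}

# Constructed sample input: throwaway self-signed certs written to directory $1.
make_constructed_certs() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ecc.key" &&
    openssl req -x509 -new -key "$1/ecc.key" -subj "/CN=constructed-ecc" \
        -days 1 -out "$1/ecc.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/rsa.key" \
        -subj "/CN=constructed-rsa" -days 1 -out "$1/rsa.pem" 2>/dev/null
}

# Demo: run this script with the single argument "demo".
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d) && make_constructed_certs "$dir"
    check_ca_matches_client "$dir/ecc.pem" "$dir/rsa.pem"   # MISMATCH: client=ECC ca=RSA
    check_ca_matches_client "$dir/ecc.pem" "$dir/ecc.pem"   # OK: client=ECC ca=ECC
    rm -rf "$dir"
fi
```

A MISMATCH result with client=ECC and ca=RSA corresponds to the configuration in which the article reports the ssl_err_cvm_cmd_ecdsa_sig_mismatch counter incrementing.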

Additional Information

The documentation states: “For client authentication, an ECDSA CA certificate must be bound to the virtual server.”
Taken from https://docs.citrix.com/en-us/netscaler/11-1/ssl/customize-ssl-config/ecdsa_cipher_suite_support_on_mpx_appliances_with_n3_chips.html