Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ACS 5.3 .pem file parse error in Win2003 CA

I continue to export a Certificate Signing Request for our local CA.  They insist they are getting a parsing error (Invalid algorithm specified) when they cut and past or import the file I send them.  In fact, they have stated that they have had this error with another Linux-based CSR.

I'm not find this issue prevalent on the Internet, so I wonder is this if a user issue on their behalf or the fact that they are using a Win2003 box as a local CA.

Can anyone assist as to how to get a Cisco ACS ".pem" file signed in a local Win2003 CA or advise to an alternative to configuring 802.1x using EAP-TLS?


Cisco ACS 5.3 .pem file parse error in Win2003 CA

Hello Michael,

Which specific CN format are you using when generating the CSR? Can you share it?

It is a common scenario to use Windows Server 2003 In-house CA signing ACS and Client certificates for EAP-TLS. If possible can you share the .pem file you saved from the ACS CSR as well?

I would like to try signing it with my lab Windows Server 2003 CA and see how that goes.


New Member

Re: Cisco ACS 5.3 .pem file parse error in Win2003 CA

Sorry Carlos,

My ISO stated that he did not want the risk. So I cannot send you any file.  I can tell you that I was using the SHA256 option for hashing and Windows 2003 did not like it.  According to what I found on Microsoft’s Technet, Windows 2003 does not support SHA256.  I then recreated another CSR in SHA1 (available option from ACS 5.3) and this time the CA kicked out a .der certificate.

Thank you,

Michael Mearlon

Network Operations Bureau

CDSS - Information Systems Division


Re: Cisco ACS 5.3 .pem file parse error in Win2003 CA

Hello Michael,

Thanks for the confirmation and I will keep it in mind.

Best regards.