SecureAuth IdP Version affected: All
Description:
This article describes an issue that can prevent web clients from connecting with a SecureAuth IdP Appliance over TLS 1.2, and how to resolve it.
Cause:
If the Windows Trusted Root Certification Authorities container grows too large, it can exceed the Schannel security package limit. Currently, the maximum size of the trusted certificate authorities list that the Schannel security package supports is 16 kilobytes (KB). A large number of third-party root certification authorities pushes the list over the 16 KB limit, which causes TLS communication issues.
Symptoms:
If this condition is present on an appliance, then the following log entry is seen:
Log | System
Source | Schannel
Event ID | 36885
Message |
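A read-only way to check an appliance for this condition, as an added example that is not from SecureAuth: it estimates the size of the trusted CA list from the local machine Root store and looks for the Schannel event listed above. The per-entry size (DER-encoded subject name plus a 2-byte length prefix) is an assumption about how the list is built, so treat the total as an estimate.

```powershell
# Added example: read-only check, nothing is removed or changed.
$limitBytes = 16KB   # Schannel limit stated in this article (16384 bytes)

# Certificates in the local machine Trusted Root Certification Authorities store.
$roots = @(Get-ChildItem -Path Cert:\LocalMachine\Root)

# Assumption: each CA contributes its DER-encoded subject name plus a
# 2-byte length prefix to the trusted CA list sent during the handshake.
$entries = foreach ($cert in $roots) {
    [pscustomobject]@{
        Bytes      = $cert.SubjectName.RawData.Length + 2
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
    }
}

$total = ($entries | Measure-Object -Property Bytes -Sum).Sum
'{0} root certificates, estimated list size {1} of {2} bytes' -f $roots.Count, $total, $limitBytes
if ($total -gt $limitBytes) {
    Write-Warning 'Estimated trusted CA list exceeds the 16 KB Schannel limit.'
}

# Largest contributors first, as input for reviewing what to pare down.
$entries | Sort-Object -Property Bytes -Descending |
    Select-Object -First 15 |
    Format-Table -AutoSize

# Recent occurrences of the Schannel event described in this article.
# -ErrorAction SilentlyContinue suppresses the error raised when none exist.
$filter = @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36885 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object -Property TimeCreated, Id, Message |
    Format-List
```

Run it from an elevated PowerShell session on the appliance, before and after paring down the container, to compare the estimated size.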
Resolution:
To resolve this issue, the Root Certification Authorities container must be pared down to stay within the 16 KB Schannel limit. Make sure to leave the following certificates in place so operation of the SecureAuth IdP Appliance is not impacted: