BugZero | WatchGuard Technologies BugID kA10H000000g3kCSAQ - Management Server AD authentication certificate va...

WatchGuard Technologies - Defect ID: kA10H000000g3kCSAQ

Management Server AD authentication certificate validation fails when AD server certificate has RSASSA-PSS signature

WatchGuard Technologies - Defect ID: kA10H000000g3kCSAQ

Management Server AD authentication certificate validation fails when AD server certificate has RSASSA-PSS signature

Last updated on 10/16/2014

Overall: 0N/A

Severity: 0N/A

Community: 0N/A

Lifecycle: 0N/A

What is the BugZero Risk Score?

Vendor details

Priority: Unspecified
Status: Resolved
Article View Count: 244

Overall: 0N/A

Severity: 0N/A

Community: 0N/A

Lifecycle: 0N/A

What is the BugZero Risk Score?

Vendor details

Priority: Unspecified
Status: Resolved
Article View Count: 244

Issue

If you configure your WatchGuard Management Server to validate the domain controller’s SSL certificate for Active Directory Authentication, certificate validation fails if the Active Directory server has a certificate with an RSASSA-PSS signature. When this occurs, user authentication fails and you can see a log message like this in the application event logs or Management Server log messages: Error (8203), Authentication failed; (error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm) <wmserver_auth peer='127.0.0.1' /> (permission denied)

Workaround/Solution

In the Management Server section of WatchGuard Server Center, select the Active Directory tab and clear the Validate the domain controller’s SSL certificate checkbox.

Original Vendor Announcement

Defect ID: kA1Vr0000009xvJKAQ
WatchGuard Endpoint Security firewall protection's automatic network location is incorrect when using IKEV2 VPN adapters
Defect ID: kA1Vr0000007LVxKAM
WatchGuard Endpoint Security network infrastructure causes Windows BSOD crashes in driver NNSHTTP when browsing pages
Defect ID: kA1Vr0000009AkvKAE
WatchGuard Endpoint Security performance issues and computers erroneously identified as "Unmanaged" with Endpoint Access Enforcement
Defect ID: kA1Vr000000B2JRKA0
Endpoint Security Web Access Control fails to block sites
Defect ID: kA1Vr0000009AhhKAE
WatchGuard Enpoint Security shows Trojan/RansomDecoy.A detections as 'Ignored' in the Threats Detected by the Antivirus tile

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

WatchGuard Technologies - Defect ID: kA10H000000g3kCSAQ

Management Server AD authentication certificate validation fails when AD server certificate has RSASSA-PSS signature

WatchGuard Technologies - Defect ID: kA10H000000g3kCSAQ

Management Server AD authentication certificate validation fails when AD server certificate has RSASSA-PSS signature

Last updated on 10/16/2014

Vendor details

Vendor details

Description

Issue

Workaround/Solution

Links

Top WatchGuard defects by risk score

Ready to prevent the next vendor outage?