Operational Defect Database

BugZero found this defect 3503 days ago.

WatchGuard Technologies | kA10H000000g3kCSAQ

Management Server AD authentication certificate validation fails when AD server certificate has RSASSA-PSS signature

Last update date:

10/16/2014

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

All

Fireware

11.x

11.10.x

11.10.1

11.10.2

11.10.3

Fixed releases:

All

Description:

Issue

If you configure your WatchGuard Management Server to validate the domain controller’s SSL certificate for Active Directory Authentication, certificate validation fails if the Active Directory server has a certificate with an RSASSA-PSS signature. When this occurs, user authentication fails and you can see a log message like this in the application event logs or Management Server log messages:

Error (8203), Authentication failed; (error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm) <wmserver_auth peer='127.0.0.1' /> (permission denied)

Workaround/Solution

In the Management Server section of WatchGuard Server Center, select the Active Directory tab and clear the "Validate the domain controller’s SSL certificate" check box.


Status

Resolved
