"Bad certificate - SIC error 301 for lea" error when fetching 3rd party OPSEC server certificate

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk110559
Technical Level
Product	Quantum Security Management, Multi-Domain Security Management
Version	All
Date Created	30-Mar-2016
Last Modified	24-Mar-2022

Symptoms

"Bad certificate - SIC error 301 for lea" error when fetching 3rd party OPSEC server certificate from the Management server.
Traffic capture for the SSL negotiation phase between the servers shows the Management ICA is set to SHA-256.

Cause

The ICA signature hash algorithm of the Management server in $CPDIR/conf/sic_cert.p12 was set to SHA-256, then configured back with default SHA-1 hash. Per sk103840, OPSEC SDK does not support SHA-256 certificates.

Solution

Note: To view this solution you need to Sign In .