Environment
- App Control Console: 8.0.0 - 8.9.6
- App Control Agent: 8.0.0 - 8.9.0
- Microsoft Windows: All Supported Versions
Symptoms
- Publisher block with error: (IneligibleForApproval: ChainIdx[1] CertId[ # ] MinKeyLength[512] Actual[256])]
- File is using an ECC (Elliptic Curve Cryptography) certificate
Cause
Agent is not expecting a certificate type with a MinKeyLength of less than 512.
Resolution
Enhancements in both Server 8.10.0 (EP-14539) and Agent 8.9.2 (EP-17727) introduce support for varying algorithms and certificate key sizes. Upgrading to these versions (or higher) will permanently resolve this issue.
- RSA and ECC Certificate Key Size settings are managed via System Configuration > Advanced Options > Certificate Options.
- Agent support for these settings was introduced with the release of Agent 8.9.2.
Additional Notes
Related Content