This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Insta issued client certificates are rejected by sas.goog

Posted on 07-18-2023 04:10 AM
mariolopes
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello everyone.

We have some certificates issued by Insta, based on keys created by us, which then are rejected by the server.

Is there a need to have the certificates added into some not so obvious UI place, so then the server accepts the certificates? Some other place to which I should have a look into?

Everything else from a certificate perspective seems correct, by using some openssl commands.

Thanks.

Solved Solved
1 5 392
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
James_S
Staff
Reply posted on --/--/---- --:-- AM

Hi Mario,

CPI certificates are the only certificates that make use of the SAS Portal UI. More details regarding that can be found in the SAS Help Center. For issues regarding the certificates installed on your CBSD(s), I would recommend reaching out to your CBSD vendor to make sure that your certificates are installed correctly . If you receive confirmation that the certificates are installed correctly, please check with Insta that the certificates are still valid. If you receive confirmation from both your CBSD vendor and Insta that everything looks correct, please open a ticket with GCP support.

View solution in original post

Jump to Solution
5 REPLIES 5

Posted on --/--/---- --:-- AM
James_S
Staff
Reply posted on --/--/---- --:-- AM

Hi Mario,

CPI certificates are the only certificates that make use of the SAS Portal UI. More details regarding that can be found in the SAS Help Center. For issues regarding the certificates installed on your CBSD(s), I would recommend reaching out to your CBSD vendor to make sure that your certificates are installed correctly . If you receive confirmation that the certificates are installed correctly, please check with Insta that the certificates are still valid. If you receive confirmation from both your CBSD vendor and Insta that everything looks correct, please open a ticket with GCP support.

Jump to Solution

Posted on --/--/---- --:-- AM
mariolopes
Bronze 1
Bronze 1
In response to James_S
Reply posted on --/--/---- --:-- AM

Hello James.

There was an issue with an intermediate certificate. That was solved and now everything works.

This can be closed (if applicable).

Thanks.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
johnyri
Bronze 1
Bronze 1
In response to James_S
Reply posted on --/--/---- --:-- AM

Hello James, I have a similar problem with insta cert. It works in the CBSD to get SAS authorization but the cert does not work from the portal when I try to verify CPI identity. I do have messages into Baicells (not their issue at all) and to Nokia/Insta where I obtained my cert. Again, it does work when I place it in CBSD but not in Google Portal. Any help would be very appreciated.

Thank you. 

Jump to Solution

Posted on --/--/---- --:-- AM
James_S
Staff
In response to johnyri
Reply posted on --/--/---- --:-- AM

Hi John,

Can you please confirm with your TPA that your certificate is in .p12 format and had been encrypted using RSA? The SAS Portal only supports CPI certificates that are RSA encrypted. 

 

Jump to Solution

Posted on --/--/---- --:-- AM
johnyri
Bronze 1
Bronze 1
In response to James_S
Reply posted on --/--/---- --:-- AM

Insta follows the WINN Forum spec:
Signature Sha384WithRSAEncryption (1.2.840.113549.1.1.12) or, Sha512WithRSAEncryption (1.2.840.113549.1.1.13)

Is there any test or troubleshooting that Google can do? This is holding up important lab testing. Thank you. 

Jump to Solution
Top Labels in this Space
Top Solution Authors
View all