Error block type is not 01 during 802.1x authentication

Rate this Article
Average: 1 (1 vote)

July 31, 2018

Last modified: 09/15/2023, 1:48 pm

Knowledge Base Article Troubleshooting Security Remote Workstation Card Zero Clients

Problem

When the PCoIP Zero Client has been configured for 802.1x authentication including loading the required certificates, the Network Access Controller is rejecting the authentication request with error messages such as

The block type of the signature signed by the client private key is not 01
SSL handshake is failing dee to "SA_padding_check_PKCS1_type_1:block type is not 01" error

 

Cause

The private key has been uploaded to the PCoIP Zero Client is a format that is not supported.

 

Resolution

The private key must be in RSA format and included with the public certificate in a pem bundle. PKCS12 files are not support.

To convert a PKCS12 file to the required format:

  1. Use openSSL to convert the pkcs12 file to pem
  2. openssl pkcs12 -in pkcs12.cer -out zeroclient.pem -nodes

  3. Now the output file needs further work to get the private key in RSA format

  4. openssl rsa -in zeroclient.pem -out zeroclient.rsa.pem

  5. Open both zeroclient.pem and zeroclient.rsa.pem in your preferred editor.

  6. In zerclient.rsa.pem copy everything from --- BEGIN RSA PRIVATE KEY ---- to ---END RSA PRIVATE KEY ---
  7. In zeroclient.pem replace --- BEGIN PRIVATE KEY --- to ---END PRIVATE KEY --- and everything inbetween

Please refer to the Tera2 PCoIP Zero Client Administrators' Guide on our support for details.

Zero Client Firmware Administrators' Guide