ACME Supported Cipher Suites

Solution ID : SO270323143829
Last Modified : 10/07/2024

Scenario

Win-ACME automation is failing and showing the following error message:

“Error 12029 calling WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, 'A connection with the server could not be established'.”

 

Solution

acme.digicert.com uses the following TLS cipher suites (nmap output):

TLSv1.2

Ciphers:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A

 

These cipher suites must be enabled on the server running the automation so that it can negotiate a TLS 1.2 connection and use the ACME protocol. If they are not allowed, automation fails with “Error 12029 calling WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, 'A connection with the server could not be established'.”

Once the registry on the server is updated to allow one of the cipher suites above, the certificate automation should work.
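
To confirm which of the cipher suites above the automation server can currently offer, the following PowerShell check can be run on that server. It is an added example, not DigiCert or Win-ACME code, and it assumes Windows Server 2016 / Windows 10 or later (where the built-in TLS cmdlets exist) and the standard Schannel registry locations.

```powershell
# Added example (not DigiCert's code). Assumes Windows Server 2016 / Windows 10
# or later, where Get-TlsCipherSuite and Get-TlsEccCurve are available.
$required = @(                      # the four suites listed in the article
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
)

# 1. TLS 1.2 must not be switched off for the Schannel client role.
$protoKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$proto = Get-ItemProperty -Path $protoKey -ErrorAction SilentlyContinue
if ($proto -and ($proto.Enabled -eq 0 -or $proto.DisabledByDefault -eq 1)) {
    Write-Warning "TLS 1.2 is disabled or not on by default for the Schannel client: $protoKey"
}

# 2. A cipher suite order set by Group Policy overrides the local list.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$policy = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).Functions
if ($policy) {
    $enabled = @(($policy -join ',') -split ',' | ForEach-Object { $_.Trim() })
    Write-Host "Cipher suite order comes from Group Policy: $policyKey"
} else {
    $enabled = @((Get-TlsCipherSuite).Name)
}

# 3. Compare the enabled suites with the ones the article lists.
$usable  = @($required | Where-Object { $enabled -contains $_ })
$missing = @($required | Where-Object { $enabled -notcontains $_ })
if ($usable.Count -gt 0) {
    Write-Host 'Enabled suites that acme.digicert.com accepts:'
    $usable | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Warning 'None of the listed suites is enabled; expect Error 12029.'
}
if ($missing.Count -gt 0) { Write-Host "Not enabled: $($missing -join ', ')" }

# 4. The nmap output shows secp256r1 for every suite; Schannel calls it NistP256.
if ((Get-TlsEccCurve) -notcontains 'NistP256') {
    Write-Warning 'Curve NistP256 (secp256r1) is not enabled for ECDHE.'
}
```

A missing suite can be added to the local list from an elevated prompt with Enable-TlsCipherSuite -Name followed by the suite name. If the script reports that the order comes from Group Policy, the policy itself has to be changed, because it takes precedence over the local list.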
