Several situations have been detected where an access error can occur in EACAT when using T-CAT . These situations have to do with the hashing algorithm for secure connections that the T-CAT digital certificate uses. They may use the SHA-1 algorithm or the SHA-2 algorithm. Depending on which of these algorithms is involved, there will be some solutions or others:
- Digital certificate T-CAT used by user is SHA-1 (Hash Algorithm for Secure Connections).
In this case, so that there is no access error to EACAT when using T-CAT, the following can be done:
- Work with browsers like Internet Explorer or Firefox that still accept private digital certificates with the SHA-1 algorithm.
- Downgrade the version of Chrome to a previous version, for example, with Chrome version 7.0, private digital certificates with the SAH-1 algorithm are known to work ; although it should be borne in mind that previous versions lose the security measures that the browser itself has been implementing.
- Request a new T-CAT digital certificate that works with the SHA-2 algorithm. This option is the most correct considering that at the end of the year (31/12/2020) all these certificates that work with SHA-1 will expire.
If a new T-CAT (SHA-2) is requested, the ec-sectorpublic intermediate certificate must be validated and the incorrect one removed (discussed in section b). Afterwards, you need to clear your browser cache and restart your computer.
- Digital certificate T-CAT used by the user is SHA-2 (Hash Algorithm for Secure Connections) In this case, it may happen that there are 2 intermediate certificates with the same name but different serial numbers.
Only the digital certificate serial number with SHA-2 should be loaded.
And, remove the serial number of the digital certificate with SHA-1 algorithm.