Several situations have been detected where an EACAT access error may occur when using the T-CAT . These situations are related to the hash algorithm for secure connections used by the T-CAT digital certificate. They may use the SHA-1 algorithm or the SHA-2 algorithm. Depending on which of these algorithms it is, there will be some solutions or others:
- The T-CAT digital certificate used by the user is SHA-1 (hash algorithm for secure connections).
In this case, so that there is no error in accessing EACAT when using the T-CAT, the following can be done:
- Work with browsers such as Internet Explorer or Firefox that still accept private digital certificates with the SHA-1 algorithm.
- Downgrade Chrome to an older version, for example, it is known that with Chrome version 7.0 , private digital certificates with the SAH-1 algorithm work ; although it should be noted that previous versions lose the security that the browser itself has been implementing.
- Request a new T-CAT digital certificate that works with the SHA-2 algorithm. This option is the most successful considering that at the end of the year (31/12/2020) all these certificates that work with SHA-1 will expire.
If a new T-CAT (SHA-2) is requested , the intermediate ec-sectorpublic certificate must be validated and the incorrect one removed (discussed in section b). You must then clear your browser cache and restart your computer.
- The T-CAT digital certificate used by the user is SHA-2 (hash algorithm for secure connections) In this case, there may be 2 intermediate certificates with the same name but with different serial numbers.
Only the digital certificate serial number with SHA-2 must be loaded.
And, remove the digital certificate serial number with SHA-1 algorithm.
