Follow

Issue: Digicert Protocol Violation "CR must be followed by LF"

About

This issue occurs when renewing a certificate on Digicert, stage 500 Posting CSR to CA.

"The server committed a protocol violation. Section=ResponseHeader Detail=CR must be followed by LF"

Investigation

Further investigation into this issue revealed that the response we receive from DigiCert is not understood by the server.
Reaching out to DigiCert resulted in this response:

This is being caused by Incapsula running on www.digicert.com. The quick workarounds are:

  1. Use “Set-UseUnsafeHeaderParsing -Enable” in PowerShell prior to invoking the API query
  2. Use api.digicert.com as the ingress point, instead of www.digicert.com

Other Workarounds

We have seen success by using the Following with Venafi:

  • Create a file names VPlatform.exe.config
  • Add the following content to the file

<configuration>

<system.net> 
<settings> 
<httpWebRequest useUnsafeHeaderParsing="true" /> 
</settings> 
</system.net>

</configuration>

  • Place the file in the following location:

C:\Program Files\Venafi\Platform

  • Then reset the Services for Venafi

 

 

Was this article helpful?
0 out of 0 found this helpful

Comments