Unable to establish a CLIENT CREDENTIALS GRANT due to failing handshake

Problem statement

Multiple environments are unable to establish a CLIENT CREDENTIALS GRANT due to a failing handshake. We saw that Auth0’s certificate has been renewed, and we were wondering if this could be related to the failure or if there are any other changes to your services.

Cause

The previous TLS certificates used an RSA public key. The new certificate issued to a tenant uses the Elliptic Curve Digital Signature Algorithm (ECDSA), which was not yet supported or enabled on the affected systems.

Solution

Auth0 can change any part of its certificate chain at any time:

When a certificate is renewed, a new signing algorithm may be used. If an application does not support the new signing algorithm, it cannot validate the certificate, and the SSL handshake fails.
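A client-side check for the condition described above, as an added example that is not Auth0's own code: it inspects a Python `ssl` client context and reports whether it offers any ECDSA-authenticated cipher suites, with an RSA-only configuration beside the default one. The function names and the `aRSA` cipher string used to build the constructed RSA-only client are assumptions for illustration; under TLS 1.3 the certificate type is negotiated through signature algorithms rather than the cipher list, which this check does not inspect.

```python
import ssl


def ecdsa_suites(ctx):
    """Names of cipher suites in ctx that authenticate the server with ECDSA.

    TLS 1.3 suites report 'auth-any' and are therefore not listed here.
    """
    return [c["name"] for c in ctx.get_ciphers() if c.get("auth") == "auth-ecdsa"]


def tls13_enabled(ctx):
    """True if this context is allowed to negotiate TLS 1.3."""
    mx = ctx.maximum_version
    return ssl.HAS_TLSv1_3 and (
        mx == ssl.TLSVersion.MAXIMUM_SUPPORTED or mx >= ssl.TLSVersion.TLSv1_3
    )


def diagnose(ctx):
    """Classify a client context against a server that presents an ECDSA certificate."""
    if ecdsa_suites(ctx):
        return "ecdsa-capable"
    if tls13_enabled(ctx):
        # No ECDSA suite for TLS 1.2: the handshake succeeds only if it lands on TLS 1.3.
        return "tls13-only"
    return "rsa-only"  # handshake fails once the server certificate is ECDSA


def legacy_rsa_only_context():
    """Constructed example of the failing setup: TLS 1.2 ceiling, RSA-authenticated suites only."""
    ctx = ssl.create_default_context()
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("aRSA")
    return ctx


if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_rsa_only_context()),
                       ("default", ssl.create_default_context())):
        print(label, diagnose(ctx), ecdsa_suites(ctx)[:3])
```

An `rsa-only` result means the cipher list (or, on other stacks, the equivalent TLS provider setting) needs ECDSA suites enabled before the client can complete a handshake against an ECDSA certificate.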

Also, the CAs involved may change, but where wide disruption is expected we try to give our customers advance notice through email notifications and community articles, e.g. this previous CA change:
