Re: ACE 4700 ssl probe failure

dlance · ‎04-20-2011

We recently updated one of our servers to a new SSL certificate using the 4096 bit cipher key. Now the ACE probe to that server fails.

We have SSL version set to any and SSL cipher set to any. Id there a problem with a ACE https probe not supporting cipher keyes longer then 1024 bit ?

stmccabe · ‎04-20-2011

Hello DLance,

The ACE supports ssl certs upto 2048bits..

If you refer to the following guide, there is mention of the 2048 limit:

http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_1_0/configuration/ssl/guide/certkeys.html

HTH. Regards.

stmccabe · ‎04-20-2011

More clarification on my last post - this is for both SSL offload and the ACE probing an SSL based rserver(s) - 2048 is the upper limit. Regards.

dlance · ‎04-20-2011

Thanks

I wonder if Cisco has any plans to change that ?

Dave

dlance · ‎04-20-2011

This link is blocked for me

Dave

dlance · ‎04-20-2011

Also we are running

ACE 4710 Device Manager A3(2.6)

Do you know if it will support 2048 bit keys ?

Dave

stmccabe · ‎04-20-2011

Did you login to CCO first - If you go to ACE configuration guides you will be able to access the document.

Currently there are no plans to support a 4096bit Cert.

dlance · ‎04-20-2011

Yes I was logged in.

Not we arent even running version 4

Does the version we run support 2048 ?

Dave

stmccabe · ‎04-20-2011

Yes, you will be good. 2048 is supported in all A(2.x), A(4.x) and even the earlier versions..

Thanks.

dlance · ‎04-20-2011

Thanks much. I was able to browse to the document.

Dave