09-24-2013 03:48 PM
I have a secure website behind an Cisco ACE20 using A2(3.2). Everything is working great. Only that now I need to renew my certificate. When creating the CSR and sending it to my CA I get this warning:
"Alert: Your CSR has been signed using the MD5 hashing algorithm. While the MD5 hashing algorithm is not optimal it will not prevent you from using this CSR to enroll for your SSL certificate. VeriSign best practices recommend that you use a different hashing algorithm for the signature. CSR Information"
Anybody know if it is possible to use SHA instead of MD5 or what can I do in this case?
Solved! Go to Solution.
09-25-2013 02:21 AM
I dont think you can chnage the signing method for CSRs on the ACE directly. But i would use something like OpenSSL to generate the CSR for SHA.
http://gnuwin32.sourceforge.net/packages/openssl.htm
openssl req -out c:\CSR.csr -new -newkey rsa:2048 -nodes -keyout c:\privateKey.key -sha1
The above will load a wizard format questionare for your CSR parameters similar to the ACE.
You can then upload your key, and cert when you get it to the ACE afterwards.
==========================
http://www.rConfig.com
A free, open source network device configuration management tool, customizable to your needs!
- Always vote on an answer if you found it helpful
09-25-2013 02:21 AM
I dont think you can chnage the signing method for CSRs on the ACE directly. But i would use something like OpenSSL to generate the CSR for SHA.
http://gnuwin32.sourceforge.net/packages/openssl.htm
openssl req -out c:\CSR.csr -new -newkey rsa:2048 -nodes -keyout c:\privateKey.key -sha1
The above will load a wizard format questionare for your CSR parameters similar to the ACE.
You can then upload your key, and cert when you get it to the ACE afterwards.
==========================
http://www.rConfig.com
A free, open source network device configuration management tool, customizable to your needs!
- Always vote on an answer if you found it helpful
10-24-2013 09:31 AM
Thanks Stephen. I created the CSR on a Linux box using OpenSSL as you say and it worked great.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide