Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
0
Helpful
2
Replies

CSCur19653 - WSA certs being signed SHA1 with SHA256 CA - RSA

julijan.klancnik
Level 1
Level 1

‎04-14-2017 12:12 PM - edited ‎03-20-2019 09:19 PM

Hi there,

I had WSA with version 7.7.0-195 and was having troubles with certificates and SHA256/SHA1 as reported in BUG CSCur19653. I decided to upgrade to version 8.8.0-085 (the latest available from upgrade path from version 7.7.0-195). But the error from CSCur19653 remains on 8.8.0-085 also. Anybody knows which version I should use to overcome this problem?

Labels:
0 Helpful
2 Replies 2

cosmin.surghe
Level 1
Level 1

‎04-24-2017 06:57 AM

Hello Julijan,

I also encountered this behavior on our WSA (version 8.8.0-085) and I asked a TAC Engineer if bug #CSCur19653 is also affecting this version. Please find below the response I received from him:

  • Before 8.5.x versions, WSA generates self signed certificate and CSR with 1024 bit RSA key and SHA-1 support, however from 8.5.x version and onwards, the key length for SSL certificates generated or processed (both, self signed as well as CSR) by the appliance is 2048 bits.
  • From 8.5.2 version and onwards, we can generate self signed certificate with SHA-2 support however CSR will still be downloaded with SHA-1.

So if your appliance is at 8.8 and you are still experiencing the issue, you have to generate a new self signed certificate from WSA which will support SHA2.

In my case the issue disappeared after I upgraded our appliance to a higher version (we upgraded because there is no TLS support for v1.1 and 1.2 in AsyncOS version 8.8.0-085).

Regards.

0 Helpful

julijan.klancnik
Level 1
Level 1
In response to cosmin.surghe

‎04-25-2017 01:14 AM

Thank you for your response.

Meanwhile I've upgraded my appliance to version 10.1.0-204.

In this version I do not have this issue anymore and this complies with your post also.

Thanks again for you post.

Regards, J

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents