cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


1359
Views
5
Helpful
4
Replies
Highlighted
Beginner

ASA 5585 , certificate issue

Hi All,

I am trying to enroll a root certificate to the box , it is throwing me an error

INFO: Certificate has the following attributes:

Fingerprint:     84e3260b cee31ca9 33dab4cd 770e30b6

Do you accept this certificate? [yes/no]: yes

% Error in saving certificate: status = FAIL

What could be the reason for this?

Root Certificate is what i am trying to install , which is generated from our internal PKI infrastrcutre which is encrypted with 4096 bits key.

Can anyone assist me in this?

thanks,

PSM

4 REPLIES 4
Cisco Employee

ASA 5585 , certificate issue

The current version of ASA does not support certificate that is encrypted with 4096 bits key.

2048-bit is the maximum at this stage.

Beginner

ASA 5585 , certificate issue

issue has been resolved.

ASA 5585 support 4096 bits.

Issue was with the Certificate itself , in that country name is provided in 3 letters. Cisco cannot identify country in three letters it should be 2 letters. Our PKI infrastructure has been rebuilt to generate certificate according to the requirement.

now its working fine :-)

thanks mate,

PSM

Cisco Employee

ASA 5585 , certificate issue

Ahh.. looks like it's only supported on the ASA 558x platform.. Thanks for sharing...

Beginner

ASA 5585 , certificate issue

He is installing a root CA which all ASA models support 4096. Just installed an internal root CA cert which was 4096bit on my home ASA5505. I just couldn't generate a CSR from the ASA5505 requesting a cert higher than 2048bit for the ASA itself.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here