10-10-2012 07:43 AM - edited 03-11-2019 05:07 PM
Hi All,
I am trying to enroll a root certificate to the box , it is throwing me an error
INFO: Certificate has the following attributes:
Fingerprint: 84e3260b cee31ca9 33dab4cd 770e30b6
Do you accept this certificate? [yes/no]: yes
% Error in saving certificate: status = FAIL
What could be the reason for this?
Root Certificate is what i am trying to install , which is generated from our internal PKI infrastrcutre which is encrypted with 4096 bits key.
Can anyone assist me in this?
thanks,
PSM
10-11-2012 06:32 AM
The current version of ASA does not support certificate that is encrypted with 4096 bits key.
2048-bit is the maximum at this stage.
10-11-2012 06:59 AM
issue has been resolved.
ASA 5585 support 4096 bits.
Issue was with the Certificate itself , in that country name is provided in 3 letters. Cisco cannot identify country in three letters it should be 2 letters. Our PKI infrastructure has been rebuilt to generate certificate according to the requirement.
now its working fine :-)
thanks mate,
PSM
10-11-2012 07:05 AM
Ahh.. looks like it's only supported on the ASA 558x platform.. Thanks for sharing...
04-28-2013 04:40 PM
He is installing a root CA which all ASA models support 4096. Just installed an internal root CA cert which was 4096bit on my home ASA5505. I just couldn't generate a CSR from the ASA5505 requesting a cert higher than 2048bit for the ASA itself.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: