ASA 5585 , certificate issue

parveesm123 · ‎10-10-2012

Hi All,

I am trying to enroll a root certificate to the box , it is throwing me an error

INFO: Certificate has the following attributes:

Fingerprint: 84e3260b cee31ca9 33dab4cd 770e30b6

Do you accept this certificate? [yes/no]: yes

% Error in saving certificate: status = FAIL

What could be the reason for this?

Root Certificate is what i am trying to install , which is generated from our internal PKI infrastrcutre which is encrypted with 4096 bits key.

Can anyone assist me in this?

thanks,

PSM

Jennifer Halim · ‎10-11-2012

The current version of ASA does not support certificate that is encrypted with 4096 bits key.

2048-bit is the maximum at this stage.

parveesm123 · ‎10-11-2012

issue has been resolved.

ASA 5585 support 4096 bits.

Issue was with the Certificate itself , in that country name is provided in 3 letters. Cisco cannot identify country in three letters it should be 2 letters. Our PKI infrastructure has been rebuilt to generate certificate according to the requirement.

now its working fine :-)

thanks mate,

PSM

Jennifer Halim · ‎10-11-2012

Ahh.. looks like it's only supported on the ASA 558x platform.. Thanks for sharing...

Chris Balmer · ‎04-28-2013

He is installing a root CA which all ASA models support 4096. Just installed an internal root CA cert which was 4096bit on my home ASA5505. I just couldn't generate a CSR from the ASA5505 requesting a cert higher than 2048bit for the ASA itself.