
SHA2 Cert for ASA

lmqtechnology
Level 1

I'm having a problem installing certificates from Digicert on an ASA running 8.3(1). The certificate is SHA2. Each time I try to install the CA or the identity cert I keep getting a parsing error. On the Digicert website it says that 8.2.3.9 supports SHA 2 for AnyConnect, however 8.4 is needed for all other functionality. Is this correct, and if so, how do I install this for just AnyConnect?

 

Cisco ASA 5500: 8.2.3.9+ for AnyConnect VPN Sessions; 8.4(2)+ for other functionalities

 


Vahid Ghafori
Cisco Employee

Hello,

 

Please refer to the release note:

New feature on 8.4.2

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/release/notes/asarn84.html#48166

Also 8.2.3.9:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/release/notes/asarn82.html#wp418483

You should see the difference. You cannot install a cert just for AnyConnect, and if you install on that version, the new functionality is not supported.

If you get any parsing error, would you please let us know what the error is?

Can you copy and paste the console output here?

Also, if you can, paste the output of "debug crypto ca transaction 255" and "debug crypto ca message 255".

When you enter the above commands, try to authenticate your certificate and collect the output.

Thanks,

Vahid

Okay, thanks for those links. I read them. Am I correct in thinking 8.2 allows SHA-2 for client authentication (AAA), however the ASA does support SHA-2 until 8.4?

I believe your question has been answered here:

https://supportforums.cisco.com/discussion/11103286/asa-and-sha-256-certificates

 

Should I be able to generate a CSR and install a SHA-2 certificate on an ASA running 8.3?
