
IPSec and CA server Error

UCrypto

Dear All,

When I test IPsec with MS CA in GNS3, I got a "public does not meet minimum requirement by specified certificate template" error. I think it is because when I generate an RSA key on the Cisco router the default algorithm is SHA1? How do I generate an RSA key with SHA256? Please see the config below:

ip domain name radiuslocal.com
crypto key generate rsa label VPN_KEY modulus 2048
crypto pki trustpoint radiuslocal-man
enrollment terminal
serial-number
ip-address none
fqdn r1.radiuslocal.com
subject-name cn=r1.radiuslocal.com,OU=IT,O=R1,ST=SG,C=SG
revocation-check none
crypto pki authenticate radiuslocal-man
crypto pki enroll radiuslocal-man
crypto pki import radiuslocal-man cert

 

When I import the certificate I get a public key minimum error. How can I fix this?

 

Accepted Solutions

MrBeginner

Hi,

Please check the GNS3 image.

Please check your public key length and CA key length.

Please check the CA template.

and

If you are using Root CA and Sub Cert, please check that the CA authority service is running on the sub-CA.

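One way to carry out the key-length check suggested in the accepted answer, as an added example that is not part of any post in this thread. It reuses the trustpoint name and key label from the question, and adds an `rsakeypair` line because the posted trustpoint does not name a key pair.

```cisco
! Added example, not from the thread. Names are those used in the question.
!
! 1. Confirm the size of the labelled key pair (expect a 2048-bit modulus).
show crypto key mypubkey rsa VPN_KEY
!
! 2. Bind that key pair to the trustpoint. Without an rsakeypair line the
!    trustpoint does not use VPN_KEY for its certificate request.
configure terminal
 crypto pki trustpoint radiuslocal-man
  rsakeypair VPN_KEY 2048
 end
!
! 3. Generate a fresh request so it carries the VPN_KEY public key, then
!    submit it to the CA and import the issued certificate as before.
configure terminal
 crypto pki enroll radiuslocal-man
 end
!
! 4. After import, check the key size recorded in the installed certificates.
show crypto pki certificates verbose
```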

5 Replies

Hello,

 

I don't think you can specify the encryption algorithm. The generated RSA keys are general purpose keys. So your only option is to change the minimum size on the requester side...

Hi Georg Pauwen,

When I enroll the root CA for the CA server, it is OK, and I enrolled and copied the request key from the router, pasted it in the certificate request box and submitted it, and I got the fail error. I have already configured the template with 2048.

Let me know how to change the minimum size on the requester side?

 

 

Hello,

 

What is MS CA in GNS3? Is that the Windows Server appliance?

Hi,

I installed the CA on a VM and connected it to GNS3, and I am using this CA server for certificates.
