Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1353
Views
10
Helpful
5
Replies

IPSec and CA server Error

Go to solution
UCrypto
Level 1
Level 1

‎09-19-2018 06:55 AM

Dear All,

When i test ipsec with MS CA in Gns3,I got public doesnot meet minium requirement by specified certificate template error.I think it is due to when i generate rsa key in cisco router the default algorithms is SHA1 ? How generate RSA key with SHA256 ?Please below config:

ip domain name radiuslocal.com
crypto key generate rsa label VPN_KEY modulus 2048
crypto pki trustpoint radiuslocal-man
enrollment terminal
serial-number
ip-address none
fqdn r1.radiuslocal.com
subject-name cn=r1.radiuslocal.com,OU=IT,O=R1,ST=SG,C=SG
revocation-check none
crypto pki authenticate radiuslocal-man
crypto pki enroll radiuslocal-man
crypto pki import radiuslocal-man cert

 

When i import certificate i got public key minium error? how can i fix this ?

 

Labels:
Preview file
48 KB
Preview file
56 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MrBeginner
Spotlight
Spotlight

‎02-19-2020 10:00 PM

Hi,

Please check GNS3 image .

Please check your public key length and CA key length

Please check CA template

and

if you are using Root CA and Sub Cert Please check CA authority service is running in sub-ca 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Georg Pauwen
VIP
VIP

‎09-19-2018 11:07 AM

Hello,

 

I don't think you can specify the encryption algorithm. The generated RSA keys are general purpose keys. So your only option is to change the minimum size on the requester side...

Go to solution
UCrypto
Level 1
Level 1
In response to Georg Pauwen

‎09-26-2018 08:51 AM

Hi Georg Pauwen,

When i enroll the root CA for CA server ,it is ok and i enrolled and copy request key from router and paste in 

certificate request box and summit i got the fail error. I already configure template with 2048 .

Let me know how to change the minimum size on the requester side. ?

 

 

Preview file
112 KB
Preview file
75 KB
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to UCrypto

‎09-26-2018 08:57 AM

Hello,

 

what is MS CA in Gns3 ? Is that the Windows Server appliance ?

Go to solution
UCrypto
Level 1
Level 1
In response to Georg Pauwen

‎09-26-2018 05:48 PM

Hi,

I install CA on VM and connect to GNS 3.

and i am using this CA server for Certificate.

0 Helpful

Go to solution
MrBeginner
Spotlight
Spotlight

‎02-19-2020 10:00 PM

Hi,

Please check GNS3 image .

Please check your public key length and CA key length

Please check CA template

and

if you are using Root CA and Sub Cert Please check CA authority service is running in sub-ca 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card