SA520W: difficulty getting self certificate request signed by trusted 3rd party
Please forgive me if this is a dumb question or if I am fundamentally confused, but I have pored over the manual, forum, and web. Very simply I need a trusted third party to sign my CSR and then for the SA520W to accept it as the active self certificate. In principle this is straightforward but I cannot figure out how to make this work in practice. Two examples.
1) GoDaddy: they require a 2048 bit signature and the router only generates 1024. I can generate my own CSR with OpenSSL but then am unable to upload my 2048 bit key to the router, and thus the signed certificate is not accepted
2) Verisign. They will take the router's 1024 bit signature, but they require lots of fields in the CSR, like country and state, that are not supported by the router's generate CSR function. Thus Verisign will not accept the CSR.
Is there any way to get the router to accept a CSR signed by GoDaddy? Or any CA?
I should be very specific - the issue was entirely related to GeoTrust certs as far as I could tell. I am sure from many other reports that GoDaddy and other cert providers would have worked, but a mass move of CA would have cost more than replacing the device.
So, just to be really clear for anyone reading, it's not that the device doesn't work - just that we never managed to get GeoTrust certs to work.
Hi i would like to add my 2 cents from my Certification nightmare.
I have created an csr request 2048 bits end sent to a public CA. After i recived my cert from AlphaSSL i first uploaded Globalsign root cert and the cert from alphassl. Both are accepted by my RV220. After this i try to upload my certificate but im not avalible to, invalid certificate error.
Now i have read the admin guide and generated different request's 5 times, with differnet subject names to include city, state etc spot on from the manual. Nothing works... My ssl provider is probably wondering what im doing.....
I have already open a case at cisco, but after 2 weeks my problem is still unresolved. Im almost convinsed there is something wrong with how the device handles certificates.
So until my case is resolved i can conclude that alphassl that uses globalsign root does not work.I registerd for an free 30 day ssl test certificate from RapidSSL that did not work eighter. Also from Ben's post GeoTrust does not work eighter. So why the ***** does not the manual or something states this providers works, this provider does not or something like that. Or hey why don't cisco TEST the damn feature!!!
I have now spent 200$ on a certificate that does not work and also notice others have the same error WOW...
Can someone confirm that godaddy works and what kind of certificate you bought?
SSL Providers that does not work:
Geotrus, Globalsing, Rapidssl
Having an "working" option to the user to use and public ssl certificate is essential on a SSL VPN Firewall.
In my implementation, I need to establish an IPSec L2L tunnel between SA520 and ASA with PKI.
However, SA520 doesn't accept the certificate which was signed by a trusted standalone CA server (Microsoft CA on Windows Server 2003). This certificate was generated in the format of IPSec template. When I try to activate the certificate on SA520, it notifies me as: "Invalid purpose, Can't upload self-signed certificate". Could you please help me?
If the CA generates certificate in the format of WebServer template, the SA520 can import successfully, however it's not the case for IPSec template. Is it a bug?
Join David Bombal as he busts the myths around Cisco Designed while building out an SMB network right at his desk.
David, a CCIE, CCSI and an educator, has delivered training courses all around the globe across multiple Cisco topics. And he’s desig...
This Chat covers the intersection of technology and social impact from community to global levels. Learn how digital maturity accelerates SMB growth and profits that can fund social programs and enable sustainable business practices like remote work.
This Chat covers the intersection of technology and social impact from community to global levels. Learn how digital maturity accelerates SMB growth and profits that can fund social programs and enable sustainable business practices like remote work. We'l...
Join us live on Thursday, April 29 at 10 am PT as we discuss how the pandemic affected non profits and find out what their secret weapon was to weathering the past year. Our guests will share how giving back during this challenging time actually enabled t...