Solved: ssl

Shakespeare Rodas · ‎07-14-2015

Hi all

Today i have a serious problem because i renewed my ssl certificate for a vpn service

I have the same ssl cert for two firewalls: ASA 5515-x Version 8.6(1)2 and ASA 5505 Version 8.2(2)

The new certificate is in PKCS12 format (certificate.cer + privkey.key + pfx-password) = certificate.pfx

The pfx file was imported and applied successful in the asa 5515-x without problems but not in the asa 5505, when y tried to import the .pfx file the asa 5505 show the follow error: "ERROR: Import PKCS12 operation failed"

I think that could be a incompatibility of the 5505 firewall with the signature algorithm sha256RSA of the new certificate file because the old certificate was a sha1RSA signature algorithm

I need know if somebody known how i can fix this issue.

Thanks friends!!

Abaji Rawool · ‎07-14-2015

You need to have active contract associated with your cco login to download software from cisco website

HTH

Abaji.

View solution in original post

Abaji Rawool · ‎07-14-2015

Hi,

If you know the issue is due ti sha256RSA signature algorithm, you need to upgrade the ASA5505 to 8.2.4.X

HTH

Abaji.

Shakespeare Rodas · ‎07-14-2015

Thanks, according with read article i need update from my current version 8.2.2 to 8.2.3.9 for get support for sha256RSA, the question is if the upgrade for the firmware is free or i have to buy the firmware from cisco support?

Thanks!!!

Abaji Rawool · ‎07-14-2015

You need to have active contract associated with your cco login to download software from cisco website

HTH

Abaji.