07-02-2013 01:07 AM
Hai All,
We have cisco ironport WSA 370 version 7.5 .
We need to decrypt some https traffic . But the issue is our corporate AD support only 2048 bit cert. But our WSA box only support 1024.
Heared that asycos 7.7 (new release) support 2048 bit cert. When i check the 7.7 guide, its not mentioned. Can you please suggest???
07-02-2013 12:31 PM
I'm on 7.7, and I'm using a 2048 bit cert.
I'm fairly certain that this cert is the same one I used when I was on 7.5...
If you want to go to 7.7, wait until they release the 602 build mentioned in this Infoworld article:
That should be in the next few days.
07-02-2013 12:57 PM
Ken has been ahead all day
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach"
http://www.cisco.com/web/partners/tools/pdihd.html
07-02-2013 12:55 PM
Hi Mohamed,
There is a feature request so the WSA can generate 2048 bit certificate; but you can upload a an Intermediate root signing certificate to the appliance.
Look for "Uploading a Root Certificate and Key"
https://www.cisco.com/en/US/docs/security/wsa/wsa7.7/User_Guide/WSA_7.7.0_UserGuide.pdf
HTH,
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach"
http://www.cisco.com/web/partners/tools/pdihd.html
07-02-2013 09:29 PM
Dears,
I had a conversation with Cisco TAC engineers and they clearly mentioned that, 2048 bit cert. from AD will not accepted by Our Box. They already forwarded, their request to the development team since they are getting lots of complaint from many customers. They will release asyncos 7.7.5 at the end of this year probably. this date may change.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide