07-17-2020 01:12 AM
Dear All!
I've upgraded to 12.0.1-334
https://www.cisco.com/c/dam/en/us/td/docs/security/wsa/wsa_12-0/WSA_12-0_Release_Notes.pdf says:
ECDSA Certificate upload - The appliance now supports the uploading of ECDSA certificate for HTTPS proxy.
But when I try to upload it, the appliance says:
Error — Certificates with ecdsa-with-SHA384 signature algorithm are not allowed
Any thoughts? Isn't this supported yet then?
Thanks
07-17-2020 04:30 AM
Hi,
Just to better understand the steps you took... How did you generate/upload the cert?
07-17-2020 05:03 AM
I tested it in the lab and got the same
I'll investigate it...
Do you see the same issue for other SHA algos? Or only SHA384
07-17-2020 05:49 AM - edited 07-17-2020 05:58 AM
our prod CA is SHA384, I did not test it with others as I just updated the WSA but I'll test it if I have some time to install a test CA
*I've generated the cert from the downloaded request and tried to upload a new cert in PEM with the key. both times same error message
07-20-2020 04:57 AM
Thanks for the details.
I raised CSCvv04912 for it. As a workaround, you can try using SHA<=256
Please vote/mark solved if you find it helpful
01-12-2021 02:31 AM - edited 04-04-2022 03:32 AM
12.5.1-035 is affected too.
12.5.1-043 - still not working.
14.0.1-040 - still not working
14.0.2-012 - still not working
04-04-2022 03:35 AM
CSCvv04912 has been marked as duplicate to CSCvv04912
CSCvv04912 has been closed as "fixed" yet as my previous post shows, it's still not.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide