Re: ECDSA Certificate upload for HTTPS proxy.

VKi67464 · ‎07-17-2020

Dear All!

I've upgraded to 12.0.1-334

ECDSA Certificate upload - The appliance now supports the uploading of ECDSA certificate for HTTPS proxy.

But when I try to upload it, the appliance says:

Error — Certificates with ecdsa-with-SHA384 signature algorithm are not allowed

Any thoughts? Isn't this supported yet then?

Thanks

opryluts · ‎07-17-2020

Hi,

Just to better understand the steps you took... How did you generate/upload the cert?

opryluts · ‎07-17-2020

I tested it in the lab and got the same

I'll investigate it...

Do you see the same issue for other SHA algos? Or only SHA384

VKi67464 · ‎07-17-2020

our prod CA is SHA384, I did not test it with others as I just updated the WSA but I'll test it if I have some time to install a test CA

*I've generated the cert from the downloaded request and tried to upload a new cert in PEM with the key. both times same error message

opryluts · ‎07-20-2020

Thanks for the details.

I raised CSCvv04912 for it. As a workaround, you can try using SHA<=256

Please vote/mark solved if you find it helpful

VKi67464 · ‎01-12-2021

12.5.1-035 is affected too.

12.5.1-043 - still not working.

14.0.1-040 - still not working

14.0.2-012 - still not working

VKi67464 · ‎04-04-2022

CSCvv04912 has been marked as duplicate to CSCvv04912

CSCvv04912 has been closed as "fixed" yet as my previous post shows, it's still not.