cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
645
Views
5
Helpful
5
Replies
Highlighted
Beginner

ECDSA Certificate upload for HTTPS proxy.

Dear All!

 

I've upgraded to 12.0.1-334

 

https://www.cisco.com/c/dam/en/us/td/docs/security/wsa/wsa_12-0/WSA_12-0_Release_Notes.pdf says:

ECDSA Certificate upload - The appliance now supports the uploading of ECDSA certificate for HTTPS proxy.

 

But when I try to upload it, the appliance says:

Error — Certificates with ecdsa-with-SHA384 signature algorithm are not allowed

 

Any thoughts? Isn't this supported yet then?

 

Thanks

5 REPLIES 5
Highlighted
Cisco Employee

Hi,

 

Just to better understand the steps you took... How did you generate/upload the cert?

Highlighted

I tested it in the lab and got the same

I'll investigate it...

 

Do you see the same issue for other SHA algos? Or only SHA384

Highlighted

our prod CA is SHA384, I did not test it with others as I just updated the WSA but I'll test it if I have some time to install a test CA

 

*I've generated the cert from the downloaded request and tried to upload a new cert in PEM with the key. both times same error message

Highlighted

Thanks for the details.

I raised CSCvv04912 for it. As a workaround, you can try using SHA<=256

Please vote/mark solved if you find it helpful

Highlighted
Beginner

12.5.1-035 is affected too.

Content for Community-Ad