ECDSA Certificate upload for HTTPS proxy.
07-17-2020 01:12 AM
Dear All!
I've upgraded to 12.0.1-334
https://www.cisco.com/c/dam/en/us/td/docs/security/wsa/wsa_12-0/WSA_12-0_Release_Notes.pdf says:
ECDSA Certificate upload - The appliance now supports the uploading of ECDSA certificate for HTTPS proxy.
But when I try to upload it, the appliance says:
Error — Certificates with ecdsa-with-SHA384 signature algorithm are not allowed
Any thoughts? Isn't this supported yet then?
Thanks
Labels: Web Security
07-17-2020 04:30 AM
Hi,
Just to better understand the steps you took... How did you generate/upload the cert?
07-17-2020 05:03 AM
I tested it in the lab and got the same.
I'll investigate it...
Do you see the same issue for other SHA algos? Or only SHA384?
07-17-2020 05:49 AM - edited 07-17-2020 05:58 AM
Our prod CA is SHA384. I did not test it with others as I just updated the WSA, but I'll test it if I have some time to install a test CA.
*I've generated the cert from the downloaded request and tried to upload a new cert in PEM with the key. Both times, same error message.
07-20-2020 04:57 AM
Thanks for the details.
I raised CSCvv04912 for it. As a workaround, you can try using SHA<=256.
Please vote/mark solved if you find it helpful
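
The workaround in the post above, as an added example that is not part of the original thread: a lab script that signs the same request with SHA-384 and with SHA-256 and reads back the signature algorithm before any upload is attempted. The throwaway CA, file names, subject names and the P-384 curve are constructed assumptions, and the locally generated CSR stands in for the request downloaded from the appliance.

```shell
#!/bin/sh
# Added example: every key, name and path below is constructed for a lab test.

# Print the certificate's signature algorithm, e.g. ecdsa-with-SHA256.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Create a throwaway ECDSA CA in directory $2 and sign a CSR using digest $1.
issue_with_digest() {
    digest=$1; out=$2
    mkdir -p "$out"
    openssl ecparam -name secp384r1 -genkey -noout -out "$out/ca.key"
    openssl req -new -x509 -key "$out/ca.key" -"$digest" -days 1 \
        -subj "/CN=Constructed Lab CA" -out "$out/ca.pem"
    # Stand-in for the CSR that would be downloaded from the appliance.
    openssl ecparam -name secp384r1 -genkey -noout -out "$out/proxy.key"
    openssl req -new -key "$out/proxy.key" \
        -subj "/CN=constructed-proxy.example" -out "$out/proxy.csr"
    # The digest chosen here decides the signature algorithm of the result.
    openssl x509 -req -in "$out/proxy.csr" -CA "$out/ca.pem" \
        -CAkey "$out/ca.key" -CAcreateserial -"$digest" -days 1 \
        -out "$out/proxy.pem" 2>/dev/null
}

# Classify a certificate against what the thread reports.
# Returns 0 for the workaround range, 1 for the algorithm in the error, 2 otherwise.
precheck() {
    alg=$(sig_alg "$1")
    case "$alg" in
        ecdsa-with-SHA384)
            echo "$1: $alg (algorithm named in the upload error)"; return 1 ;;
        ecdsa-with-SHA224|ecdsa-with-SHA256)
            echo "$1: $alg (within the SHA<=256 workaround)"; return 0 ;;
        *)
            echo "$1: $alg (not discussed in the thread)"; return 2 ;;
    esac
}

# Demo: issue one certificate per digest and report on each.
work=$(mktemp -d)
for d in sha384 sha256; do
    issue_with_digest "$d" "$work/$d"
    precheck "$work/$d/proxy.pem" || true
done
rm -rf "$work"
```

The key type stays ECDSA in both runs; only the digest passed at signing time changes the reported algorithm.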
01-12-2021 02:31 AM - edited 04-04-2022 03:32 AM
12.5.1-035 is affected too.
12.5.1-043 - still not working.
14.0.1-040 - still not working
14.0.2-012 - still not working
04-04-2022 03:35 AM
CSCvv04912 has been marked as duplicate to CSCvv04912
CSCvv04912 has been closed as "fixed", yet as my previous post shows, it's still not.
