08-12-2013 06:58 PM
I have a Cisco S370 and generated a certificate Key to block HTTPS pages.
I require a CA signs the certificate generated by the Cisco S370, but the CA returns me an error and asks the key is changed to 2048, but I have no option to do this in the GUI, look in the CLI but can not find any option to change the HTTPS certificate key 2048
You can change the certificate that was generated by the WSA S370 to 2048
08-13-2013 12:06 AM
Hi,
At present, from the GUI of WSA you can create only 1024 bit CSR. There is an existing feature request #86121 for this functionality (to create 2048 bit CSR) to be implemented in the later version of AsyncOS. The request in question is currently in development and most likely will be implemented in later version of AsyncOS. In order to generate a self-sign certificate with a key length of 2048 bits you can use OpenSSL; please refer to the following non Cisco web site/url for more information/steps. http://www.akadia.com/services/ssh_test_certificate.html
Regards,
Kush
08-13-2013 09:49 PM
In addtition to Kush's response, we had a similar thread in the past. Please refer to:
https://supportforums.cisco.com/message/3900340?referring_site=bss&channel=bdp#3900340
Also, please note it would be advisable to refer to this Feature Request using Cisco Bug ID CSCzv70884 instead of
86121.
You can search for Bug IDs using Cisco Bug Search Tool :
https://tools.cisco.com/bugsearch/
From this tool, you can not only obtain info about the bug but also open TAC cases and Save the bug so you can get updates.
Regards,
-Valter
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide