cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1453
Views
0
Helpful
2
Replies

7925 won't generate CSR after Microsoft CA base cert upgraded to SHA-256

bryorkj
Level 1
Level 1

We've been able to install user certs on our 7925 phones for years, using our MS 2012r2 server CA, with a SHA-1 server cert.  We recently upgraded our CA server's cert to SHA-256.  Now when we try to generate a CSR from a 7925, the phone always presents a dialog, "CA certificate file not uploaded."  We've tried DER and Base64 certs with no luck.  If we use the old cert, the phone generates a CSR.  It doesn't work, of course...

1 Accepted Solution

Accepted Solutions

Ric Beeching
Level 7
Level 7

Are these 7925G phones? I believe they only support SHA-1 certs.

Ensure the CA server certificate is signed using the SHA-1 algorithm as the SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512) and SHA-3 signature algorithms are not supported.

https://supportforums.cisco.com/sites/default/files/attachments/discussion/deployment_guide_-_cisco_unified_wireless_ip_phone_7925g_7925g-ex_7926g_v1.4.6.pdf

Ric

-----------------------------
Please rate helpful / correct posts

View solution in original post

2 Replies 2

Ric Beeching
Level 7
Level 7

Are these 7925G phones? I believe they only support SHA-1 certs.

Ensure the CA server certificate is signed using the SHA-1 algorithm as the SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512) and SHA-3 signature algorithms are not supported.

https://supportforums.cisco.com/sites/default/files/attachments/discussion/deployment_guide_-_cisco_unified_wireless_ip_phone_7925g_7925g-ex_7926g_v1.4.6.pdf

Ric

-----------------------------
Please rate helpful / correct posts

Argh.  They are 7925G...

Review Cisco Networking for a $25 gift card