Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2107
Views
0
Helpful
2
Replies

ACE20 and hashing algorithm

Go to solution
e.pedersen
Level 1
Level 1

‎09-24-2013 03:48 PM

I have a secure website behind an Cisco ACE20 using A2(3.2). Everything is working great. Only that now I need to renew my certificate. When creating the CSR and sending it to my CA I get this warning:

"Alert: Your CSR has been signed using the MD5 hashing algorithm. While the MD5 hashing algorithm is not optimal it will not prevent you from using this CSR to enroll for your SSL certificate. VeriSign best practices recommend that you use a different hashing algorithm for the signature. CSR Information"

Anybody know if it is possible to use SHA instead of MD5 or what can I do in this case?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
stephen.stack
Level 4
Level 4

‎09-25-2013 02:21 AM

I dont think you can chnage the signing method for CSRs on the ACE directly. But i would use something like OpenSSL to generate the CSR for SHA.

http://gnuwin32.sourceforge.net/packages/openssl.htm

openssl req -out c:\CSR.csr -new -newkey rsa:2048 -nodes -keyout c:\privateKey.key -sha1

The above will load a wizard format questionare for your CSR parameters similar to the ACE.

You can then upload your key, and cert when you get it to the ACE afterwards.

==========================
http://www.rConfig.com 

A free, open source network device configuration management tool, customizable to your needs!

- Always vote on an answer if you found it helpful

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

View solution in original post

0 Helpful
2 Replies 2

Go to solution
stephen.stack
Level 4
Level 4

‎09-25-2013 02:21 AM

I dont think you can chnage the signing method for CSRs on the ACE directly. But i would use something like OpenSSL to generate the CSR for SHA.

http://gnuwin32.sourceforge.net/packages/openssl.htm

openssl req -out c:\CSR.csr -new -newkey rsa:2048 -nodes -keyout c:\privateKey.key -sha1

The above will load a wizard format questionare for your CSR parameters similar to the ACE.

You can then upload your key, and cert when you get it to the ACE afterwards.

==========================
http://www.rConfig.com 

A free, open source network device configuration management tool, customizable to your needs!

- Always vote on an answer if you found it helpful

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
0 Helpful

Go to solution
e.pedersen
Level 1
Level 1
In response to stephen.stack

‎10-24-2013 09:31 AM

Thanks Stephen. I created the CSR on a Linux box using OpenSSL as you say and it worked great.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents