09-24-2013 03:48 PM
I have a secure website behind an Cisco ACE20 using A2(3.2). Everything is working great. Only that now I need to renew my certificate. When creating the CSR and sending it to my CA I get this warning:
"Alert: Your CSR has been signed using the MD5 hashing algorithm. While the MD5 hashing algorithm is not optimal it will not prevent you from using this CSR to enroll for your SSL certificate. VeriSign best practices recommend that you use a different hashing algorithm for the signature. CSR Information"
Anybody know if it is possible to use SHA instead of MD5 or what can I do in this case?
Solved! Go to Solution.
09-25-2013 02:21 AM
I dont think you can chnage the signing method for CSRs on the ACE directly. But i would use something like OpenSSL to generate the CSR for SHA.
http://gnuwin32.sourceforge.net/packages/openssl.htm
openssl req -out c:\CSR.csr -new -newkey rsa:2048 -nodes -keyout c:\privateKey.key -sha1
The above will load a wizard format questionare for your CSR parameters similar to the ACE.
You can then upload your key, and cert when you get it to the ACE afterwards.
==========================
http://www.rConfig.com
A free, open source network device configuration management tool, customizable to your needs!
- Always vote on an answer if you found it helpful
09-25-2013 02:21 AM
I dont think you can chnage the signing method for CSRs on the ACE directly. But i would use something like OpenSSL to generate the CSR for SHA.
http://gnuwin32.sourceforge.net/packages/openssl.htm
openssl req -out c:\CSR.csr -new -newkey rsa:2048 -nodes -keyout c:\privateKey.key -sha1
The above will load a wizard format questionare for your CSR parameters similar to the ACE.
You can then upload your key, and cert when you get it to the ACE afterwards.
==========================
http://www.rConfig.com
A free, open source network device configuration management tool, customizable to your needs!
- Always vote on an answer if you found it helpful
10-24-2013 09:31 AM
Thanks Stephen. I created the CSR on a Linux box using OpenSSL as you say and it worked great.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: