I have reviewed the setup guide in the link above, and the guide provides the CLI syntax to generate a new TLS server certificate; however, it does not provide any parameters to change the key size. So IPS will generate a new self-signed certificate but will only create a 1024-bit key. I have the same problem in IME. This is a government client, and their security policy mandates that any SSL certificate sizes be of 2048-bit strength or higher. At this point a feature request would probably be in order.
I am referring to IPS SSP in the ASA 5525x firewall. It appears there is no way to change the certificate size from 1024 to 2048 or higher. My IA auditors are complaining about the weak key size of 1024. I was hoping it could be done from the CLI on the IPS modules, but the feature does not exist to change the strength of the keys to 2048, which is our minimum security standard.
I am using the "generate new self-signed certificate" feature in the IPS GUI.