Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE does not recognize 2048 bit certificate as trusted?

Hi, I have bought and installed a 2048bit certificate from Thawte on a ACE20-MOD-K9 module. The appliance can't use it and gives the following error: "This certificate cannot be verified up to a trusted certfication authority."

I have contacted Thawte about this and they suggest to install an intermediate certificate from Thawte on the module, but I can't find such a certicicate for Cisco on their site. Also I'm not sure how to go about implementing such an intermediate certificate on the ACE.

Anyone encountered such a problem? How did you solve it?

Any help is much appreciated, thanks in advance.

Sent from Cisco Technical Support iPad App

1 REPLY
Hall of Fame Super Silver

Re: ACE does not recognize 2048 bit certificate as trusted?

Use Thawte's intermediate certificate for an Apache server. That should work fine.

Thawte's intermediate certificate can be found here:

https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=SO15464

Also, per ACE documentation (and my experience):

Note

When you make a change to a chain-group certificate, the change takes effect only after you respecify the associated chain group in the SSL proxy service using the chaingroup command. See the "Creating and Defining an SSL Proxy Service" section in Chapter 3, Configuring SSL Termination.

Hope this helps.

p.s., I found the tool at:

http://www.digicert.com/help/

to be more useful than Thawte's (or Verisign's) for strictly checking your chaingroup validity. Many modern browsers will allow you to have out of order chaingroup certificates. However, some older (and mobile handset) devices will throw an error if your certificates are improperly chained.

1140
Views
0
Helpful
1
Replies
CreatePlease to create content