Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Expired Certificate within SA540 firmware - issue with SSL-VPN

I have the problem that the SSLVPN certificate within the SSL client software is not longer valid.

The experiation date was at 31.03.2012 01:59:59.

Can someone explain to me how to update this certificate?

Is there an option to upgrad this via firmware?

Why did CISCO outsource the firmware to 3rd party company's and no one will double check things like this???

Current Firmware state is:

2.1.72

Cisco Certificate:

Please check the attachment below

Regards!

Torsten

3 REPLIES
New Member

Expired Certificate within SA540 firmware - issue with SSL-VPN

Hello Mr. Jahnke,

In order to get a new SSL certificate please follow the next instructions:

STEP 1 : Click Administration > Authentication.

The Authentication (Certificates) window opens.

STEP 2 For each type of certificate, perform the following actions, as needed:

To add a certificate, click Upload. You can upload the certificate from the PC or the USB device. Click Browse, find and select the certificate, and then

click Upload.

To delete a certificate, check the box to select the certificate, and then click

Delete.

To download the router’s certificate (.pem file), click the Download button under the Download Settings area.

STEP 3 To request a certificate from the CA, click Generate CSR.

The Generate Certification Signing Request window opens.

a. Enter the distinguished name information in the Generate Self Certificate

Request fields.

Name: Unique name used to identify a certificate.

Subject: Name of the certificate holder (owner). The subject field populates the CN (Common Name) entry of the generated certificate and can contain these fields:

- CN=Common Name

- O=Organization

- OU=Organizational unit

- L= Locality

- ST= State

- C=Country

For example: CN=router1, OU=my_dept, O=my_company, L=SFO, C=US

Whatever name you choose will appear in the subject line of the generated CSR. To include more than one subject field, enter each subject separated by a comma. For example: CN=hostname.domain.com, ST=CA, C=USA

Hash Algorithm: Algorithm used by the certificate. Choose between MD5 and SHA-1

Signature Algorithm: Algorithm (RSA) used to sign the certificate.

Signature Key Length: Length of the signature, either 512 or 1024.

(Optional) IP Address, Domain Name, and Email Address

b. Click Generate.

A new certificate request is created and added to the Certification Signing Request (CSR) table. To view the request, click the View button next to the certificate you just created.

Or you could check it on the next link. please check page 191

http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/administration/guide/SA500_AG_OL1911404.pdf

If this answer was satisfactory for you, please mark the question as Answered.

Diego Rodriguez

Cisco network engineer

Thank you

Cisco Employee

Expired Certificate within SA540 firmware - issue with SSL-VPN

Hello Mr. Jahnke,

We looked at the screen shot you uploaded that confirmed that your device is running firware version 2.1.72. We searched at the Cisco.com website but could not find the 2.1.72 firmware.

We downlaod the router certificate with 2.1.71 firmware and with the latest Maintainenece Build release - 2.2.0.7 and both of them are valid till July 1, 2018.

Here are my questions:

1] Is 2.1.72 firmware, a beta version that you were given?

2] Where did you get this firmware from?

3] Can you try to downgrade to 2.2.71 firmware and see if the SSL VPN certificate is vlaid?

4] Or, can you upgrade to 2.2.0.7 firmware and see if the SSL VPN certificate is vlaid?

Please let us know if this worked and if it solved your issues.

Thanking you,

Prabhjit Singh Bagga

Nnennaya Udochu

New Member

Expired Certificate within SA540 firmware - issue with SSL-VPN

The Firmware 2.1.72 was installed by factory default when the box  arrives.

Now, I have double checked the problem on the current firmware and it’s still  the same problem. I'm using the 2.2.0.7.

You can simple check it. Here is the screenshot how you  can check this via Internet Explorer:

SSL VPN Client Certificate

Virtual Passage Driver Certificate

Best regards!

Torsten

1328
Views
0
Helpful
3
Replies
CreatePlease to create content