I have a wildcard SSL certificate for our domain from RapidSSL. I installed the intermediary certificates fine but I can't get the actual cert to install. I get the message "Can't Upload Invalid Self Certificate". Has anyone else ever successfully used a wildcard cert with an SA?
I also had a big problem with a regular SSL certificate from RapidSSL. I opened a case with Cisco and after 3 weeks of the most horrible support I have ever experienced I gave up. I bought a new certificate from GoDaddy and that worked right away.
I pointed out to my Cisco tech that there is most likely a bug in the fw, since I tried 3 different providers (GeoTrust, GlobalSign and RapidSSL) and none of them worked. I bet they did not even try to solve my case.
1) There is a bug in your firmware that prevents the upload of some certificates from public CAs. You can read about it in my previous post and link. However, it seems Cisco has fixed it in the new fw for the rw220; I have seen it was addressed in the release notes, but I have not tried it since I already got myself a working SSL cert from GoDaddy. Most likely your firmware does not include the fixes.
2) Your firmware can't handle more than 1024 bits encryption. Since NONE of the major CAs will sign anything lower than 2048 bits, you will have little to no luck getting your CSR request signed. 1024 bits is considered weak, and therefore since the start of 2012 all big CAs will only supply 2048 bits signing.
So basically, even if you managed to find a CA that "could" work with the bug in the fw from #1, you will most likely never get 1024 bits encryption since it's not supported any more. Sorry to say it, but basically you are screwed until Cisco manages to fix the firmware to include the bug fix and support of 2048 bits encryption.
If you need a public SSL certificate I would change my firewall straight away unless Cisco staff can give you an ETA on a working firmware. The change to 2048 bits was made around January. Now one would think that Cisco would provide the 2048 bits support before all major CAs stopped the 1024 bits signing. I bet most of the support staff don't even know this. It's easy to point one to an FAQ or support doc without even knowing that it won't work in your case. Most likely they have not even tried doing a public CA request, since then they would know this.
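The replies above turn on the key size of the CSR versus the 2048-bit minimum the CAs apply. As an added example (not part of the thread, and not Cisco's or any CA's tooling), this script reads the key size of a PEM CSR or certificate with the `openssl` command line so the mismatch is visible before a request is submitted or a certificate is uploaded. It assumes RSA keys; `MIN_BITS` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the RSA key size of a PEM CSR or certificate and
# compare it with a minimum. MIN_BITS and all function names are assumptions
# of this example; 2048 is the CA minimum mentioned in the thread.
MIN_BITS=${MIN_BITS:-2048}

# Print "req" for a CSR or "x509" for a certificate; fail for anything else.
pem_kind() {
    if grep -q -e '-----BEGIN CERTIFICATE REQUEST-----' \
               -e '-----BEGIN NEW CERTIFICATE REQUEST-----' "$1"; then
        echo req
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo x509
    else
        return 1
    fi
}

# Print the public-key size in bits as reported by openssl.
key_bits() {
    kind=$(pem_kind "$1") || return 1
    bits=$(openssl "$kind" -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    [ -n "$bits" ] || return 1
    echo "$bits"
}

# Return 0 if the key meets MIN_BITS, 1 if it is smaller, 2 if unreadable.
check_key_size() {
    bits=$(key_bits "$1") || {
        echo "$1: not a readable PEM CSR or certificate" >&2
        return 2
    }
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "$1: $bits-bit key, below the $MIN_BITS-bit minimum"
        return 1
    fi
    echo "$1: $bits-bit key, meets the $MIN_BITS-bit minimum"
}

# Check every file named on the command line.
for f in "$@"; do
    check_key_size "$f" || true
done
```

Run it against the CSR exported from the appliance and against the certificate the CA returned; a certificate whose key size differs from the CSR's was not issued for that request.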