Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3354
Views
0
Helpful
1
Replies

IETF X.509 Certificate Signature Collision Vulnerability on cisco asa

nkarthikeyan
Level 7
Level 7

‎07-18-2012 03:08 AM

Hi Experts,

We have got an alert from our security team that one of our ASA which has the CA certficate for SSLVPN has the following vulnerability when they did the scan.

IETF X.509          Certificate Signature Collision Vulnerability.
I have searched in web and i couldn't find a proper solution. Can any one help how to make this solved.
As per the info in the other forumn we need to make SHA instead of MD5 for this certificate. But am not really sure how to make that. Since this is in the production environment.
we have the local trust certficate pointed for that SSL vpn.
Thanks in advance folks.
Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎07-20-2012 09:44 AM

There is nothing you can do on your ASA. The signature in question is applied by the CA onto the ID-certificate. You need to change your CA and choose a vendor that cares about security.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents