New Member

Problem with modulus size in MS CA and PIX 515

I have created an MS CA with a 4096-bit root certificate; the result during CA authentication (PIX 515-UR v.6.3.3) is the following:

CRYPTO_PKI: Error: Invalid modulus length in public or private key while

CRYPTO_PKI: WARNING: Unsupported certificate or CRL signature algorithm while verifying self-signed cert signature

CRYPTO_PKI: WARNING: A certificate chain could not be constructed while selecting certificate status

CRYPTO_PKI: Error: Code 0x0000 while selecting self signed certificate

CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while verifying cert in message by issuer self-signed cert

CRYPTO_PKI: WARNING: A certificate chain could not be constructed while selecting certificate status

CRYPTO_PKI: Error: Code 0x0000 while selecting self signed certificate

CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while verifying cert in message by issuer self-signed cert

CRYPTO_PKI: WARNING: A certificate chain could not be constructed while selecting certificate status

CRYPTO_PKI: Error: Code 0x0000 while selecting self signed certificate

CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while verifying cert in message by issuer self-signed cert

CRYPTO_PKI: status = 324: failed to verify

CRYPTO_PKI: transaction GetCACert completed

Crypto CA thread sleeps!

CI thread wakes up!

With modulus 1024 or 2048 I don't have a problem.

Why? Is it a limitation?

1 REPLY
Cisco Employee

Re: Problem with modulus size in MS CA and PIX 515

PIX currently only supports a maximum key size of 2048 bits. I don't believe there's any work under way for it to support 4096, so if you would like this feature then please feel free to contact your Cisco Account Manager and have them raise a feature enhancement.
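As an added example (not part of the original thread and not Cisco code): a pre-flight check in Python that reads the RSA modulus size from a DER-encoded CA certificate and compares it with the 2048-bit maximum the reply gives for PIX. The names `fits_pix`, `sample_cert` and `der`, and the unsigned certificate skeletons used as input, are constructed for illustration.

```python
PIX_MAX_RSA_BITS = 2048  # maximum key size stated in the reply above
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def rsa_modulus_bits(cert_der):
    """Walk Certificate -> tbsCertificate -> subjectPublicKeyInfo -> RSA modulus."""
    tbs = children(children(read_tlv(cert_der, 0)[1])[0][1])
    if tbs[0][0] == 0xA0:  # optional explicit [0] version field
        tbs = tbs[1:]
    alg, key_bits = children(tbs[5][1])  # after serial, sigAlg, issuer, validity, subject
    if not alg[1].startswith(RSA_OID):
        raise ValueError("not an RSA public key")
    modulus = children(children(key_bits[1][1:])[0][1])[0][1]  # [1:] skips unused-bits octet
    return int.from_bytes(modulus, "big").bit_length()

def fits_pix(cert_der, limit=PIX_MAX_RSA_BITS):
    """Return (modulus_bits, True if the key is within the device limit)."""
    bits = rsa_modulus_bits(cert_der)
    return bits, bits <= limit

def der(tag, content):
    """Encode one DER element; used only to build the constructed samples."""
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + content

def sample_cert(bits):
    """Constructed, unsigned certificate skeleton with an RSA modulus of `bits` bits."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa_key = der(0x30, der(0x02, modulus) + der(0x02, b"\x01\x00\x01"))
    spki = der(0x30, der(0x30, RSA_OID + der(0x05, b"")) + der(0x03, b"\x00" + rsa_key))
    empty = der(0x30, b"")  # placeholder for sigAlg, issuer, validity, subject
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + empty * 4 + spki)
    return der(0x30, tbs + empty + der(0x03, b"\x00"))
```

For a real CA certificate exported as PEM, convert it with the standard library's `ssl.PEM_cert_to_DER_cert` and pass the result to `fits_pix`; check every certificate in the chain, not just the root.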
