Problem with modulus size in MS CA and PIX 515

rselmi · ‎12-11-2003

I have create a MS CA whit a root Certificate 4096 bit, the result during ca authentication (PIX 515-UR v.6.3.3) is the following:

CRYPTO_PKI: Error: Invalid modulus length in public or private key while

CRYPTO_PKI: WARNING: Unsupported certificate or CRL signature algorithm while ve

rifying self-signed cert signature

CRYPTO_PKI: WARNING: A certificate chain could not be constructed while selectin

g certificate status

CRYPTO_PKI: Error: Code 0x0000 while selecting self signed certificate

CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while verifyi

ng cert in message by issuer self-signed cert

CRYPTO_PKI: WARNING: A certificate chain could not be constructed while selectin

g certificate status

CRYPTO_PKI: Error: Code 0x0000 while selecting self signed certificate

CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while verifyi

ng cert in message by issuer self-signed cert

CRYPTO_PKI: WARNING: A certificate chain could not be constructed while selectin

g certificate status

CRYPTO_PKI: Error: Code 0x0000 while selecting self signed certificate

CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while verifyi

ng cert in message by issuer self-signed cert

CRYPTO_PKI: status = 324: failed to verify

CRYPTO_PKI: transaction GetCACert completed

Crypto CA thread sleeps!

CI thread wakes up!

With modulus 1024 or 2048 don't have problem.

Why? Is a limitation?

gfullage · ‎12-11-2003

PIX currently only supports a maximum key size of 2048 bits. I don't believe there's any works under way for it to support 4096, so if you would like this feature then please feel free to contact your Cisco Account Manager and have them raise a feature enhancement.