cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1089
Views
0
Helpful
4
Replies

Cisco Ironport Certificate ISsue

mohamed fayz
Level 1
Level 1

Hai All,

We have cisco ironport WSA 370 version 7.5 .

We need to decrypt some https traffic . But the issue is our corporate AD support only 2048 bit cert. But our WSA box only support 1024.

Heared that asycos 7.7 (new release) support 2048 bit cert.  When i check the 7.7 guide, its not mentioned. Can you please suggest???

4 Replies 4

I'm on 7.7, and I'm using a 2048 bit cert.

I'm fairly certain that this cert is the same one I used when I was on 7.5...

If you want to go to 7.7, wait until they release the 602 build mentioned in this Infoworld article:

http://www.infoworld.com/d/security/cisco-fixes-serious-vulnerabilities-in-email-web-and-content-security-appliances-221675

That should be in the next few days.

Ken has been ahead all day

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva

Luis Silva Benavides
Cisco Employee
Cisco Employee

Hi Mohamed,

There is a feature request so the WSA can generate 2048 bit certificate; but you can upload a an Intermediate root signing certificate to the appliance.

Look for "Uploading a Root Certificate and Key"

https://www.cisco.com/en/US/docs/security/wsa/wsa7.7/User_Guide/WSA_7.7.0_UserGuide.pdf

HTH,

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva

Dears,

I had a conversation with Cisco TAC engineers and they clearly mentioned that, 2048 bit cert. from AD will not accepted by Our Box. They already  forwarded, their request to the development team since they are getting lots of complaint from many customers. They will release asyncos 7.7.5 at the end of this year probably. this date may change.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: