Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

Cisco Ironport Certificate ISsue

Hai All,

We have cisco ironport WSA 370 version 7.5 .

We need to decrypt some https traffic . But the issue is our corporate AD support only 2048 bit cert. But our WSA box only support 1024.

Heared that asycos 7.7 (new release) support 2048 bit cert.  When i check the 7.7 guide, its not mentioned. Can you please suggest???

Everyone's tags (1)
4 REPLIES

Cisco Ironport Certificate ISsue

I'm on 7.7, and I'm using a 2048 bit cert.

I'm fairly certain that this cert is the same one I used when I was on 7.5...

If you want to go to 7.7, wait until they release the 602 build mentioned in this Infoworld article:

http://www.infoworld.com/d/security/cisco-fixes-serious-vulnerabilities-in-email-web-and-content-security-appliances-221675

That should be in the next few days.

Cisco Employee

Cisco Ironport Certificate ISsue

Ken has been ahead all day

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
Cisco Employee

Cisco Ironport Certificate ISsue

Hi Mohamed,

There is a feature request so the WSA can generate 2048 bit certificate; but you can upload a an Intermediate root signing certificate to the appliance.

Look for "Uploading a Root Certificate and Key"

https://www.cisco.com/en/US/docs/security/wsa/wsa7.7/User_Guide/WSA_7.7.0_UserGuide.pdf

HTH,

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
New Member

Cisco Ironport Certificate ISsue

Dears,

I had a conversation with Cisco TAC engineers and they clearly mentioned that, 2048 bit cert. from AD will not accepted by Our Box. They already  forwarded, their request to the development team since they are getting lots of complaint from many customers. They will release asyncos 7.7.5 at the end of this year probably. this date may change.

758
Views
0
Helpful
4
Replies
CreatePlease to create content