Problem with Generate a certificate and Key

arosasc · ‎08-12-2013

I have a Cisco S370 and generated a certificate Key to block HTTPS pages.

I require a CA signs the certificate generated by the Cisco S370, but the CA returns me an error and asks the key is changed to 2048, but I have no option to do this in the GUI, look in the CLI but can not find any option to change the HTTPS certificate key 2048

You can change the certificate that was generated by the WSA S370 to 2048

Kush Srivastava · ‎08-13-2013

Hi,

At present, from the GUI of WSA you can create only 1024 bit CSR. There is an existing
feature request #86121 for this functionality (to create 2048 bit CSR) to be implemented
in the later version of AsyncOS. The request in question is currently in development and
most likely will be implemented in later version of AsyncOS.

In order to generate a self-sign certificate with a key length of 2048 bits you can use
OpenSSL; please refer to the following non Cisco web site/url for more information/steps. 

http://www.akadia.com/services/ssh_test_certificate.html

Regards,
Kush

Valter Da Costa · ‎08-13-2013

In addtition to Kush's response, we had a similar thread in the past. Please refer to:

https://supportforums.cisco.com/message/3900340?referring_site=bss&channel=bdp#3900340

Also, please note it would be advisable to refer to this Feature Request using Cisco Bug ID CSCzv70884 instead of

86121.

You can search for Bug IDs using Cisco Bug Search Tool :

https://tools.cisco.com/bugsearch/

From this tool, you can not only obtain info about the bug but also open TAC cases and Save the bug so you can get updates.

Regards,

-Valter