?
Solved

Cisco VPN3030 Identity Cert generation problems

Posted on 2011-05-03
2
Medium Priority
?
889 Views
Last Modified: 2012-05-11
Hi,
Currently (attempting) to renew certs on a couple of VPN3030 gateways, the existing ones are 1024 bit, so I am using this procedure to generate new identity certs as RSA 2048 bit
 
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a00800946f1.shtml

Problem being that the generated certs are only 2047 bit, not 2048, I believe this is due to a null character on the beginning or the end which is not counted, our provider cannot therefore re-issue the SSL cert.

Any ideas??

Thanks
Chris
 
0
Comment
Question by:Chris_944
2 Comments
 
LVL 15

Accepted Solution

by:
Frabble earned 2000 total points
ID: 35546993
I've had to do the same thing. Used a Cisco CSS to generate the key pair and CSR. Used OpenSSL to convert and password the key file, then import both the key and certificate into the VPN concentrator.
People have posted solutions and you could use OpenSSL to do the whole thing:
Key pair and CSR generation:
http://www.voodish.co.uk/articles/csr-contains-a-key-size-that-is-less-than-2048-bits/
Key file conversion and import:
http://antjedi.homeip.net/wordpress/?p=22
0
 

Author Comment

by:Chris_944
ID: 35698380
Thanks Frabble, bit of a hash but it worked, surprised Cisco haven't come out with a patch yet mind.

Cheers
Chris
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question