Cisco ASA 5512 8.6 adding SHA2 SSL Cert to SSL Settings

Cisco ASA 5512 8.6/ ASDM 6.6
Successfully created CSR and GoDaddy issued a SHA2 cert.
On ASA installed new SHA2 Identity certificate
In SSL Settings, when adding the cert for the Outside interface, I do not see Available or Active Algorithms for SHA2; it only has SHA1.

Questions:
How do I enable/add SHA2 algorithms?
and/or
Can I add the SHA2 cert even though SHA2 is not currently listed as Algorithms?
Asked by: nexxtep

btan (Exec Consultant) commented:
See this, following the steps in ASDM or on the CLI. Specifically, see the step to select the imported SHA2 cert:
11. Complete these steps in order to bind the new certificate to the interface:
a. Choose Configuration > Device Management > Advanced > SSL Settings, as shown in Figure 10.
b. Select your interface under Certificates, and click Edit.

12. Choose your new certificate from the drop-down menu, click OK, and click Apply.
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl trust-point ASDM_TrustPoint0 outside
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/107956-renew-ssl.html
Pete Long (Technical Consultant) commented:
What version of code are you running? I think SHA2 is 9.4(4/5), which was not due till about November.
Pete Long (Technical Consultant) commented:
Sorry, 9.3(2) came out Jun/Jul.
btan (Exec Consultant) commented:
For the ASA 5512-X on ASA 8.6(1), you minimally need ASDM 6.6(1). Specifically for the SHA2 family, consisting of SHA-256/SHA-384/SHA-512, it is bundled under the NGE (aka Suite B) technology.
http://blog.cdw.com/cisco-asa-version-9-0asdm-version-7-0-finally-here-and-whats-new/

Looking at release Version 8.6(1):
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/intro_intro.html#wp1325357
It includes all features in 8.4(2), and the latter version does support:
- SSL SHA-2 digital signature
You can now use SHA-2 compliant signature algorithms to authenticate SSL VPN connections that use digital certificates. Our support for SHA-2 includes all three hash sizes: SHA-256, SHA-384, and SHA-512. SHA-2 requires AnyConnect 2.5(1) or later (2.5(2) or later recommended). This release does not support SHA-2 for other uses or products.
Caution: To support failover of SHA-2 connections, the standby ASA must be running the same image.
We modified the following command: show crypto ca certificate (the Signature Algorithm field identifies the digest algorithm used when generating the signature).
- Secure Hash Algorithm SHA-2 Support for IPsec IKEv2 Integrity and PRF
(We modified the following commands: integrity, prf, show crypto ikev2 sa detail, show vpn-sessiondb detail remote.)
- Secure Hash Algorithm SHA-2 Support for Digital Signature over IPsec IKEv2
(SHA-2 digital signature for IPsec IKEv2 connections is supported with the AnyConnect Secure Mobility Client, Version 3.0.1 or later.)
- SHA2 certificate signature support for Microsoft Windows 7 and Android-native VPN clients
(ASA supports SHA2 certificate signature support for Microsoft Windows 7 and Android-native VPN clients when using the L2TP/IPsec protocol.)
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/intro_intro.html#wp1326317
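
Added example (not part of the original thread or of Cisco's documentation): a Python sketch that reads the Signature Algorithm field from `show crypto ca certificate` output and the `ssl trust-point` binding from the configuration, to confirm which digest the identity certificate bound to each interface was signed with. The sample text is constructed and its layout is an assumption; the `ssl encryption` list is reported separately because it names the ciphers offered for the SSL session, not how the certificate was signed.

```python
import re

# Constructed sample input, not captured from a real device; the layout of
# the "show crypto ca certificate" output is assumed for illustration.
SHOW_CERT = """\
Certificate
  Status: Available
  Public Key Type: RSA (2048 bits)
  Signature Algorithm: SHA256 with RSA Encryption
  Associated Trustpoints: ASDM_TrustPoint0

CA Certificate
  Status: Available
  Signature Algorithm: SHA1 with RSA Encryption
  Associated Trustpoints: ASDM_TrustPoint0
"""
# The two configuration lines quoted in the answer above.
RUNNING_CONFIG = """\
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl trust-point ASDM_TrustPoint0 outside
"""

def parse_certs(show_output):
    """Split the output into certificate blocks and collect their fields."""
    certs = []
    for line in show_output.splitlines():
        if line and not line.startswith(" "):    # unindented line opens a block
            certs.append({"kind": line.strip()})
        elif ":" in line and certs:
            key, value = line.split(":", 1)
            certs[-1][key.strip()] = value.strip()
    return certs

def interface_report(show_output, config):
    """Map each interface to the signature algorithm of its identity cert."""
    bindings = re.findall(r"^ssl trust-point (\S+) (\S+)\s*$", config, re.M)
    ciphers = re.search(r"^ssl encryption (.+)$", config, re.M)
    report = {}
    for trustpoint, interface in bindings:
        sig = None                               # stays None if no identity cert
        for cert in parse_certs(show_output):
            tps = cert.get("Associated Trustpoints", "").split()
            if cert["kind"] == "Certificate" and trustpoint in tps:
                sig = cert.get("Signature Algorithm")   # skips "CA Certificate"
        report[interface] = {
            "trustpoint": trustpoint,
            "cert_signature": sig,
            "session_ciphers": ciphers.group(1).split() if ciphers else [],
        }
    return report

if __name__ == "__main__":
    print(interface_report(SHOW_CERT, RUNNING_CONFIG))
```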