04-12-2012 11:14 AM
What dose that error mean?
Im trying to get a simple certificate from an w2k8 server CA to use in the Global Protect.
The Secure WebGui certificate works fine.
Thx in adavanced.
04-13-2012 03:42 AM
I found the answer after alot of researching.
The problem is in in certificate signature algorithm.
When we set up the intermediate server we choose to use RSA512 as a signature algorithm. As it turns out the PA v4.1.5 dose not support RSA512.
If you are running a windows CA and need to change the signature algorithm. See the following url.
Regards
PoTski
07-05-2012 06:07 AM
Thanks for the update. Was looking at using SSL inspection via our CA. We used 512RSA to stop Google Chrome moaning about being signed unsecurely when running MD5. Have already uninstalled and re-installed our CA to get this working, don't fancy the reg hack though.
Don't suppose you know if this is fixed in 4.1.6?
07-06-2012 05:38 AM
Isnt RSA512 just really bad?
At least use 1024 if your have performance concerns.
FIPS 140-2 states one should use 2048 while EU-CRYPTII says something like at least 2444 bits for assymetric encryption (in reality 4096 is the next step).
A true CA should use as high encryption as possible for example 16384 where the issued certs uses 4096 or such.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
