Cisco Security :: ACE20-MOD Does Not Recognize 2048 Bit Certificate As Trusted
Dec 16, 2011
I have bought and installed a 2048bit certificate from Thawte on a ACE20-MOD-K9 module. The appliance can't use it and gives the following error: "This certificate cannot be verified up to a trusted certfication authority."I have contacted Thawte about this and they suggest to install an intermediate certificate from Thawte on the module, but I can't find such a certicicate for Cisco on their site. Also I'm not sure how to go about implementing such an intermediate certificate on the ACE.
I have a doubt about CiscoWorks. I need to generate the self-signed certificate with a key of 2048 bits to generate a CA with VeriSign. CiscoWorks do this automatically with a key of 1024 bits and I do not find a form to elect a a diferent key. Is it possible to generate a certificate with 2048 bits key?
Another problem is that I have CiscoWorks installed on Solaris. Many times at day the web application does not work and the only way to recuperate it is with the command "init 6" and I have to way 15 minutes until I can have access again. Why is produced this error? Who can I fit it?
We have some Windows 7 clients that are running the 4.8 agent. NAC will process the user and move them to the trusted vlan. However, the agent stays open and appears to keep running/processing something. THe user can minimize the agent and work normally, and a reboot appears to fix the issue.
I have set up my desktop (has wireless) running Vista, which uses a broadband usb modem, AD HOC all was ok. Then set up the wireless laptop running xp, It reconizes the Desktop but wants a network security key(password). I tried useing the "password" that I used to set up the desktop with but the Laptop will not accept itSays the network xxxxxxx requires a network key(aso called a WEP key or Wpa key)....... Type in the key, and then click Connect.
I've got a Cisco 851 running IOS12.3. I'm trying to install a SSL Certificate but after following all the instructions and installing a CA certificate I'm not getting the full chain of authority in a browser just the devices certificate itself. I've repeated the installation process using individual CA certificates all up and down the chain but still the same results.
Is it possible to generate CSR using SH1 instead of md5 on Cisco 1841 for SSL VPN, because the provider that I try to use doesn't accept md5. Also tried to import there private key and got an error "Error: invalid PEM boundary"
I have a SSL certificate from a third party that is showing under the Identity in ADSM, howerver the audit scan of the firewall shows that the SSL Certificate Signed with an unknown certification Authority. I have installed the Intermediate Primary and Secondary Certificate from the third party under the CA Certificate of the ADSM however when I verify the SSL certificate it still shows as self-signed. What other steps do I miss. I have attached some screenshots.
We have the acs server which has the ssl certficate(certifcate authority) running in acs 3.2 windows version for eap-tls enduser authentication.
We want the same to be migrated to acs 4.2(appliance) application. I have tried in different ways to push the certificate but i couldn't.
I have tried Thru System Configuration --> ACS Certificate Setup --> Install ACS certificate --> Download certficate file In that i have mentioned the FTP server IP address, credentials, path and file name
But if i submit the request its giving the directory not found or credentials wrong.
I am attempting to install a third party SSL cert (GoDaddy) to properly secure the external interface of my 1811 ISR so that I can implement SSL VPN. I have tried using SDM 2.5, but that doesn't appear to be working. I am familiar with doing this on a Cisco 3005 Concentrator, but I'm not aware of how to install an intermediate cert on the 1811 (or if it's even possible), in order to properly have the GoDaddy cert properly imported and used for SSL VPN. I have gone through the CSR process and have the initial cert from them generated and have imported it, but it never appears to be identified correctly if I browse to the external interface on the router. The router always defaults to its self-signed cert.
We have NAC 4.0.5 and windows active directory domain the clients log on to the client to access the network with their domain credentials and they used to get the "Certificate is issued from an untrusted." until I installed the url.. certificate to the local certificate store.
I seem to have done something on the NAC manager that messed up something, cause now the client considers the certificate issued from a trusted source, BUT a warning stating that the name on the certificate does not match the name.
i have a problem with some sites! i cant access to them ! some sites are hotmail, this one, and many other! the msg that i see every time is : There is a problem with this website's security certificate. The security certificate presented by this website has expired or is not yet valid.
Whenever I try to set up a security code for any of the settings (WEP/WPA etc), as soon as I hit save my computer does not recognize it and I get kicked off the internet and have to restart my router. I have the Linksys model number WRT160N V3
My issue occurs on ALL of my home computers (MacBook and iMac using wi-fi) and ALL of my browsers (Safari, Firefox, Chrome).The problem:- Security Certificates: They pop up daily for Facebook mostly, but also Twitter. I will click Continue, which takes me to...- 404 Error/Page Not Found Error: After the Certificate error mentioned above, this happens. Mostly to YouTube. It will stay like this for a few hours. I've cleared cache, rebooted, etc. etc. Nothing works.- Images turn into little blue boxes with a question mark in them. **When this happens, it's an indication that a Certificate box will pop up out of the blue.- Even on Google.com, it will say: Invalid URLThe requested URL "/", is invalid.Reference #9.df260e6b.1336506889.420cf4fSo what can I do? It happens on both my Macbook Pro and iMac - both connected wirelessly to a Linksys router/cable modem. The router is Wireless-N Broadband Router WRT160Nv3 with Firmware Version: v3.0.02.
We have c3750s running NAC 4.8. Occassionally, a workstation will flap between the untrusted and trusted vlans. We updated the NIC drivers on the workstation, we verified SNMP was functioning correctly on the switch, and we allowed the phones to act as the pass-through between the workstation and the switch. What could cause the workstation IP Address to not redirect to a TRUSTED VLAN from the NAC_UNTRUST VLAN? All updates have been downloaded to the workstation.
I'm installing ACS4.2 in our lab domain and want to leverage the corporate domain for authentication. The one way trust is in place, but there is a facet that I'm not clear on in regards to the installation requirement.
I'd like to install ACS on a lab domain member server, but I'm not sure that will work. The installation docs seem to imply that a member server must be in the same domain as the authentication server, but its not very clear. if I want to use the one way trust to the Corporate Domain, am I required to install ACS on the domain controller of the Lab Domain?
I'm going nuts with this ASA5505. This is a secondary firewall used only in emergencies when the primary Checkpoint failes.
The basics, it has two trusted interfaces, E0/1 and E0/2-6. E0/1, inside2 has 192.168.01/29 and inside is 192.168.200.1/24. I'd like any traffic to be allowed from inside and inside2 to outside and any traffic from the inside interfaces should be routed. No restrictions should apply between the two interfaces.
inside works just fine but no traffic is going out of inside2, not to outside or to inside.
I am in need of a Static IP alternative (My ISP chooses not to offer the service). I do not need the Static IP to access my own devices. I need to access other networks as a "trusted" user.
How do I monitor the traffic passing each individual ports on a Cisco SLM2048 Gigabit smart switch.This switch is the core where other switches connects to.I wanted to know which ports carries the most traffic and probably apply some changes.
There is ASA with remote access VPN and users are authenticated using third party signed certificates (CA is not local in ASA).When user certificate expires i can see it in syslog messages. For example:
%ASA-3-717009: Certificate validation failed. Certificate date is out-of-range, serial number: (...)
I would like to know if there is an opportunity to view user's certificate expiry date beforehand, say, 3 days before?
I have a SWR 2048 switch that has started to make some noise - I suspect one of the fans is starting to go. It looks like the fans are from Sunon, 40mm x 40mm x 20mm, 3 pin, 12v. Does anyone know the model number or a good source for a replacment fan?
So because of the way active directory handles Group Policy I have been tasked with finding out why this is failing over the WAN. Basically I know why, but don't know how to correct it. I am trying to increase the MTU over an ipsec tunnel to 2048 to allow Microsoft Slowlink detection to occur. [URL] Basically, it sends 2 icmp packets. One at a normal size and one at a size of 2048. In my case this is trying to occur over an ipsec tunnel and failing due to the MTU being at 1440. I have seen a few articles about increasing it to 1500, but is there a way to increase the MTU to allow the 2048 sized icmp packets?
I'm working on task to update the SSL certificate for an application. steps to upgrade the SSL, stuffs need to be checked before and after the installation and how to verify the new certificates.
I have double-checked credentialn and access rules on the module and they seem OK. I am trying to add the module with the Admin credentials and ssh/telnet access is permited.
Is this the right way or I'm missing something. Module version is A2(3.2a)
Recently we have added cisco 6513 switch in ciscoworks which is having ACE30-mod-k9 module in it. now for any events syslog messages are logged in syslog.log file of my ciscoworks server but not reflecting in my ciscoworks portal. i can see the syslog alearts in syslog.log file.also email notifications i m not getting for the same though email credentials are mentioned in SYSLOG automated actions in RME.
I want to route gre traffic through an ACE20, but it doesn't seem to work. The only thing I configured was an ACL with gre enabled, but the ACE20 seems to drop the gre packtes. The gre traffic is entering via the vlan 561 interface and should be send out via the vlan 472 interface. Source 10.94.32.212, destination 10.94.132.39. The tunnel control traffic on port tcp/1723 is working fine. In the service-policies is nothing configured for the gre traffic.
We are using an ACE engine module(ACE20-MOD-K9) provide loading balancing service for two WEB servers and configured cookie for stickness. Below is the current configuration and it seems working fine now.
The problem I was facing is before use parameter-map change the http header length to 8k the stickness doesn't really working properly. User complains that their working session constantly be kicked out and redirect them to login page. By tracing traffic from a client we found that sometime ACE fails or stop insert the configured cookie, after increase the header length ACE start getting work.
how does the header length setup effect ACE to insert a cookie? Will the cookie insert attmpt fail if the header is longer then the maximum length configured on ACE? [code]
To start with following is our architectural request flow:
Load Balancer --> Webseal /(reverse proxy) --> HTTP Server --> Portal Server
We have Hardware Load Balancer Cisco ACE20. When we access our portal from Webseal server it works totally fine without any issue, but when we access the same application using ACE we face the following issues:
1) Some of the links on do not work. For eg: We have a link "subscribe" which points to [URL], whenever we click on this link, the request is directed to [URL] i.e homepage
2) URL redirection does not work We have some links which have a url forwarding or redirection for example when we open [URL] it forwards the requests to [URL] opendocument....., but this redirection fails and again the request is thrown to homepage i.e., [URL]
3) The response of the request and the overall portal when accessed via ACE is very sluggish and it takes 20 seconds for homepage to load, whereas the homepage loads in 4 secs when accessed via webseal.
