Guest

Preview Tool

Cisco Bug: CSCuj61115 - DOC: ASA 9.0/9.1 have stricter requirements for wildcard cert import

Last Modified

Nov 09, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.0 9.1

Description (partial)

Symptom:
This is a doc bug to add an official note about the stricter requirement for importing a wildcard cert on an ASA running 9.0/9.1 code as opposed to 8.4 & previous code.  This is to be more compliant with RFC 5280 (see relevant 'commonName' info):
http://www.ietf.org/rfc/rfc5280.txt

Conditions:
Prior to ASA 9.0/9.1, there was an enhancement request (CSCsl92337) to check the validity of a cert being imported so that it could also be exported later without error.  This gave a warning message for any invalid characters/values found during the import, including the wildcard (*) symbol.

Now with ASA 9.0/9.1 code, instead of just presenting a warning message when an invalid character/value is found during cert import, the ASA will reject the imported cert altogether.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.