Cisco Bug: CSCuj61115 - DOC: ASA 9.0/9.1 have stricter requirements for wildcard cert import
Nov 09, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: This is a doc bug to add an official note about the stricter requirement for importing a wildcard cert on an ASA running 9.0/9.1 code as opposed to 8.4 & previous code. This is to be more compliant with RFC 5280 (see relevant 'commonName' info): http://www.ietf.org/rfc/rfc5280.txt Conditions: Prior to ASA 9.0/9.1, there was an enhancement request (CSCsl92337) to check the validity of a cert being imported so that it could also be exported later without error. This gave a warning message for any invalid characters/values found during the import, including the wildcard (*) symbol. Now with ASA 9.0/9.1 code, instead of just presenting a warning message when an invalid character/value is found during cert import, the ASA will reject the imported cert altogether.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases