Cisco Bug: CSCuq02213 - IOS ECDSA cert display: Incorrect 'Public Key Algorithm: rsaEncryption'

Last Modified

Feb 07, 2017

Products (20)

  • Cisco IOS
  • Cisco ASR 901-6CZ-F-D Router
  • Cisco ASR 901-6CZ-FS-D Router
  • Cisco ASR 901S-4SG-F-D Router
  • Cisco ME 3600X-24TS-M Switch
  • Cisco ASR 901-4C-FT-D Router
  • Cisco ASR 901-6CZ-F-A Router
  • Cisco ASR 901S-2SG-F-AH Router
  • Cisco ASR 901S-2SG-F-D Router
  • Cisco ASR 901-6CZ-FT-A Router

Known Affected Releases

15.5(1)S

Description (partial)

Symptom:
'show crypto pki certificate verbose' displays incorrect Public Key Algorithm for ECDSA certificates:

Example:

Router(config)#do sh cry pki cert verb S
CA Certificate
  Status: Available
  Version: 3
  Certificate Serial Number (hex): 00
  Certificate Usage: Signature
  Issuer:
    l=bgl-ads-802
    c=BE
    o=Cisco
    ou=TAC
    cn=EC-CA
  Subject:
    l=bgl-ads-802
    c=BE
    o=Cisco
    ou=TAC
    cn=EC-CA
  Validity Date:
    start date: 20:46:01 IST Jul 22 2014
    end   date: 20:46:01 IST Jul 22 2015
  Subject Key Info:
    Public Key Algorithm: rsaEncryption ------------------------> rsa?
    EC Public Key:  (256 bit)
  Signature Algorithm: unknown
  Fingerprint MD5: 02A61005 D6F1A544 D3DC210E 34BF645D
  Fingerprint SHA1: F4E40D40 3B1B1ACB 9B8709F8 1295FBB7 164B5C09
  X509v3 extensions:
    X509v3 Key Usage: 6000000
      Key Cert Sign
      CRL Signature
    X509v3 Subject Key ID: AF2D55D9 DDE2EF7D CAFF82A0 4E024947 BB77534B
    X509v3 Basic Constraints:
        CA: TRUE
    X509v3 Authority Key ID: AF2D55D9 DDE2EF7D CAFF82A0 4E024947 BB77534B
    Authority Info Access:
  Associated Trustpoints: S

Conditions:
This happens when the certificate is signed by a CA that uses RSA keys, even though the client uses EC keys.
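
An added example, not part of the Cisco bug record: a Python check that scans saved 'show crypto pki certificate verbose' output and reports certificates whose 'Public Key Algorithm' label disagrees with the key line beneath it, which is the symptom shown above. The sample text is constructed from the output above plus a made-up RSA certificate; the 'RSA Public Key' line format and the name find_mismatches are assumptions.

```python
import re

# Constructed sample: first block trimmed from the output above; the second
# block (cn=rsa-client, "RSA Public Key" line) is made up for contrast.
SAMPLE = """\
CA Certificate
  Subject:
    cn=EC-CA
  Subject Key Info:
    Public Key Algorithm: rsaEncryption
    EC Public Key:  (256 bit)

Certificate
  Subject:
    cn=rsa-client
  Subject Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (2048 bit)
"""

ALGO_RE = re.compile(r"^\s*Public Key Algorithm:\s*(\S+)")
KEY_RE = re.compile(r"^\s*(EC|RSA) Public Key:\s*\((\d+) bit\)")
CN_RE = re.compile(r"^\s*cn=(.+?)\s*$")

def find_mismatches(output):
    """Return (subject_cn, label, key_type, bits) per certificate whose label and key line disagree."""
    findings = []
    cn = algo = section = None
    for line in output.splitlines():
        if line and not line[0].isspace():   # unindented line: new certificate
            cn = algo = section = None
            continue
        stripped = line.strip()
        if stripped.endswith(":"):           # header such as "Issuer:" / "Subject:"
            section = stripped[:-1]
        elif section == "Subject" and CN_RE.match(line):
            cn = CN_RE.match(line).group(1)  # ignore the issuer's cn
        elif ALGO_RE.match(line):
            algo = ALGO_RE.match(line).group(1)
        elif KEY_RE.match(line) and algo is not None:
            key_type, bits = KEY_RE.match(line).groups()
            if (key_type == "RSA") != algo.lower().startswith("rsa"):
                findings.append((cn, algo, key_type, int(bits)))
            algo = None
    return findings

if __name__ == "__main__":
    for f in find_mismatches(SAMPLE):
        print("label/key mismatch:", f)
```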