Forum Discussion

Mike_Ho
Oct 09, 2014

sha256 signed client certs on Firepass

Due to the sunsetting of browser support for certs signed with sha1, I thought it would be a good time to look at issuing new VPN user certificates with sha256 sigs instead. In testing I've found my Firepass does not seem to like the sha256 signed certs.

I checked the KB and searched around here and didn't find anything on the topic. Anyone have any feedback?

I know VPN client certs aren't at issue with the browser support for sha1 signed web server certs, but it was on my brain and I liked the consistency approach.

  • Hi Michael,

    You will need to stick with sha1 certificates if using them with Firepass as sha256 certs are not supported. This request to support sha256 is tracked as ID 266851 and you are more than welcome to open a support case asking to be linked to it.

    Your best bet is to start working toward migrating from Firepass to APM which does have full sha256 support.

    Regards,

    Seth Cooper

  • Does anybody know if anything has changed with this? Have they brought out a patch for Firepass to support SHA-2?

    Thanks

    • Seth_Cooper (Employee)
      Hi Mark, Unfortunately there will never be a patch to add support for SHA-2 on Firepass. -Seth
  • Thanks Seth, I thought that might be the answer but thought I would double check.

    Thanks