sha256 signed client certs on Firepass

Question

Due to the sunsetting of browser support for certs signed with sha1 I thought it would be a good time to look at issuing new VPN user certificates with sha256 sigs instead.  In testing I've found my Firepass does not seem to like the sha256 signed certs.&nbsp;
I checked the KB and searched around here and didn't find anything on the topic.  Anyone have any feedback?&nbsp;
I know VPN client certs aren't at issue with the browser support for sha1 signed web server certs, but it was on my brain and I liked the consistency approach.&nbsp;

seth_cooper · Answer

Hi Michael,&nbsp;
You will need to stick with sha1 certificates if using them with Firepass as sha256 certs are not supported.  This request to support sha256 is tracked as ID 266851 and you are more than welcome to open a support case asking to be linked to it.&nbsp;
You best bet is to start working toward migrating from Firepass to APM which does have full sha256 support.&nbsp;
Regards,&nbsp;
Seth Cooper&nbsp;

markj_58101 · Answer

Does anybody know if anything has changed with this? Have they brought out a patch for Firepass to support SHA-2?&nbsp;
Thanks&nbsp;

seth_cooper · Answer

Hi Mark,

Unfortunately there will never be a patch to add support for SHA-2 on Firepass.

-Seth

markj_58101 · Answer

Thanks Seth, I thought that might be the answer but thought I would double check.&nbsp;
Thanks&nbsp;

Forum Discussion

sha256 signed client certs on Firepass

4 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

use irule to sign data using sha256

POC: Create and sign a JWT with iRule

AS3 signed rpms

Zero Trust building blocks - Leverage F5 NGINX Plus Single Sign-On (SSO) and F5 XC

APM Cookbook: Single Sign On (SSO) using Kerberos