Cisco AsyncOS 7.5.1-074 for Web FCS Release Notification

Dear Cisco Web Security Customer,
Cisco is pleased to announce a new maintenance release of AsyncOS 7.5.1-074 for Web to select customers (FCS). This release applies to all our Web Security Appliances (S-Series).
Note: If you manage multiple Web Security Appliances using our Security Management Appliance (SMA) you need to upgrade the SMAs to AsyncOS 7.9.1-030 for Security Management (or higher).
Partial list of defects fixed in AsyncOS 7.5.1-074 for Web
Fixed: Rebooting an appliance without a proper shutdown sometimes caused irreparable damage to the appliance. This is fixed. [Defect ID: 73467]
Fixed: Processing client requests sometimes took too long after updating new anti-malware rules. This is fixed. [Defect ID: 81055]
Fixed: Overloading webroot made the WSA unusably slow. This is fixed. [Defect ID: 81661]
Fixed: With Safe Search enabled, for URLs that included a question mark (?) in the first position after the domain name, for example, "example.com/?abc", transaction requests were resulting in an HTTP 404 error message. This is fixed. [Defect ID: 83666]
Fixed: Download time for Web Tracking data in CSV format was excessive when specifying a custom time range for the report. This is fixed. [Defect ID: 85964]
Fixed: After upgrading to 7.5, attempts to bring additional Web Security Appliances online were unsuccessful due to port-number mismatches between the Appliance and the WCCP router. AsyncOS now sorts port numbers from smallest to largest to prevent mismatches. This is fixed. [Defect ID: 86704]
For further information about this release, please refer to the AsyncOS Release Notes attached to this announcement.
If you are concerned about an issue not listed there, please contact your authorized support provider to make an inquiry.
How to Upgrade
Prior to upgrading to this release, please read the Release Notes referenced above and save a copy of the configuration file somewhere other than on your appliance.
Once you have read the Release Notes you may log into the command line of your IronPort Appliance as the 'admin' user, and type 'upgrade', or use the WebUI upgrade functionality in the 'System Administration' tab.
You may upgrade directly to the highest version available in the displayed list.
**NOTE** It is important that you follow the upgrade instructions available in the Release Notes. If you do attempt to upgrade and do not see the desired release version available, your appliance is likely not on a version allowed to upgrade directly. See 'Upgrade Paths' below.
Upgrade Paths
Please refer to the Release Notes for qualified upgrade paths.
If your systems are on any other AsyncOS release, you will need to perform multiple upgrades as specified in the release notes. Only the immediate next step in the upgrade path will be shown to you, with the next revision being shown once you are at the approved level.
Release Stage
First Customer Ship (FCS): This release has been fully qualified for production usage by Cisco IronPort. It has been extensively tested for functionality and stability. Following a staged release process, we offer select customers the chance to benefit from new features and enhancements as early adopters.
Thank you for choosing Cisco Security Products.
Best Regards,
Cisco Content Security Customer Support
Support Portal: http://cisco.com/web/ironport
Toll-Free Customer Support
United States: 1-877-641-IRON (4766)
International: http://www.cisco.com/web/ironport/contacts.html#~tab-3
NOTICE: CISCO SYSTEMS CONFIDENTIAL AND PROPRIETARY This document contains information which is both confidential and proprietary to IronPort. Neither this document nor the information contained herein shall be copied, disclosed to others or used for any purposes beyond the specific purpose for which this document was delivered without the express written permission of IronPort. If you receive this message in error, please notify the sender and destroy the attached message (and all attached documents) immediately.
© 2012 Cisco Systems, Inc. All rights reserved.

Hello Sergio,
To get to Ironport Documentation, please do the following:
1) Go to www.cisco.com
2) Log in with CCO id and password
3) Select Support
4) On the resulting page, under Product Name, select Security
5) You should see "Email Security" and "Web Security" options there, which will bring you to the Documents.
For WSA the doc guides are here http://www.cisco.com/en/US/customer/products/ps10164/products_user_guide_list.html
For the ESA the doc guides are here http://www.cisco.com/en/US/customer/products/ps10154/products_user_guide_list.html
Regards,
Eric

Similar Messages

  • AsyncOS 6.3.5-015 for Web is GA

    Hello,
    Cisco is pleased to announce the General Availability (GA) of a maintenance release of AsyncOS 6.3.5-015 for Web to all customers. This release applies to all our Web Security Appliances (S-Series).
    We specifically encourage customers that are using a previous version of AsyncOS 6.3.4 for Web and customers on the S160 hardware platform to take advantage of the fixes outlined below by upgrading their Web Security Appliances to this latest release.
    Partial list of defects fixed in AsyncOS 6.3.5-015 for Web
    Fixed: Web Proxy does not properly tunnel CONNECT requests in some cases [Defect ID: 71947]
    Fixed: Accessing some web servers fails when an upstream proxy server is configured [Defect ID: 56386]
    Fixed: Web Proxy generates a core file connecting to some HTTPS servers [Defect ID: 69397]
    Fixed: Web Proxy generates a core file in some networks with an upstream proxy server [Defect ID: 72022]
    Fixed: Additional logging and robustness fixes have been added to provide stability on 1U platform [Defect ID: 68955]
    For further information about this release, please refer to the attached AsyncOS Release Notes.
    Thank you for choosing Cisco IronPort Security Products.
    Best Regards,
    Eduardo


  • AsyncOS 7.0.0-819 for Web is GA

    Hello,
    Cisco is pleased to announce the General Availability (GA) of a new major release of AsyncOS 7.0.0-819 for Web to all customers. This release applies to all our Web Security Appliances (S-Series).
    Please be advised that AsyncOS 7.1 for Web is expected to be available shortly. This release will contain all the functionality contained in 7.0 plus support for advanced reporting and tracking as well as support for centralized management of 7.0 features using a Cisco IronPort Security Management Appliance (M-Series). If you are using a M-Series device to manage your Web Security Appliances, you may want to wait for the availability of AsyncOS 7.1 for Web.
    New Features and Enhancements in AsyncOS 7.0.0-819 for Web
    New Feature: Cisco AnyConnect Secure Mobility
    New Feature: Application Visibility and Control
    New Feature: Safe Search and Site Content Rating
    New Feature: Bandwidth Control for Streaming Media
    New Feature: HTTP Instant Messaging Controls
    New Feature: SaaS Access Control
    New Feature: Sophos Anti-Virus Scanning
    New Feature: Transparent User Identification for Novell eDirectory
    New Feature: Outbound Malware Scanning
    New Feature: Application Scanning Bypass
    New Feature: WBRS Threat Details
    New Feature: What’s New In This Release
    Enhanced: Per Identity Authentication Settings
    Enhanced: PAC File Hosting
    Partial list of defects fixed in AsyncOS 7.0.0-819 for Web
    Fixed: Access log entries are not written when custom fields use incorrect syntax [Defect ID: 72682]
    Fixed: Gateway Timeout errors occur for certain websites when HTTPS Proxy is enabled [Defect ID: 70547]
    Fixed: AsyncOS does not send compressed access logs to a remote server using FTP or SCP [Defect ID: 68332]
    Fixed: Web Proxy does not query all LDAP groups in some cases [Defect ID: 65977]
    Fixed: Web Proxy performance is slow with some complex configurations [Defect ID: 54720]
    Fixed: Application fault occurs when accessing an Access Policy with a non-existent Identity [Defect ID: 54676]
    Fixed: Web Proxy creates invalid cookies for requests to hostnames belonging to some particular top-level domains in some cases [Defect ID: 49758]
    For further information about this release, please refer to the attached AsyncOS Release Notes.
    Thank you for choosing Cisco IronPort Security Products.
    Best Regards,
    Eduardo

    Hi,
    I need to upgrade the AsyncOS of WSA from version 6.0.1 819 to 7.0.0 819.
    In case the upgrade fails, I'd like to know if there is a way to roll back to an earlier version of AsyncOS.
    Thank you

  • AsyncOS 6.3.7-018 for Web is GA

    Hello,
    Cisco is pleased to announce the General Availability (GA) of a new maintenance release of AsyncOS 6.3.7-018 for Web to all customers. This release applies to all our Web Security Appliances (S-Series).
    Partial list of defects fixed in AsyncOS 6.3.7-018 for Web
    Fixed: Files do not completely download using native FTP RETR when the anti-malware action for Unscannable is set to Block in some cases [Defect ID: 74666]
    Fixed: Symbolic links are broken when viewing FTP directory in a browser [Defect ID: 3853]
    Fixed: FTP directory listing appears corrupt when using native FTP [Defect ID: 73015]
    Fixed: NTLM authentication fails after a period of time when a policy group uses many authorization groups [Defect ID: 44445]
    Fixed: AsyncOS does not send compressed access logs to a remote server using FTP or SCP [Defect ID: 68332]
    Fixed: Some HTTPS sites do not load when additional certificate authority certificates are manually installed on the appliance [Defect ID: 70306]
    Fixed: Some client applications cannot communicate with the Web Proxy with NTLMSSP authentication enabled [Defect ID: 72670]
    Fixed: Uploads fail when the connection between the Web Proxy and the destination server is slower than the connection between the Web Proxy and the client [Defect ID: 72817]
    For further information about this release, please refer to the attached AsyncOS Release Notes.
    Thank you for choosing Cisco IronPort Security Products.
    Best Regards,
    Eduardo


  • AsyncOS 6.3.1-028 for Web is GA

    Hi,
    Cisco is pleased to announce a maintenance release of AsyncOS 6.3.1-028 for Web to all customers (GA).
    This release applies to all our Web Security Appliances (S-Series).
    This new build addresses two severe defects that have been found in the former 6.3.1-025 GA release.
    We encourage you to upgrade to this new build to benefit from the enhanced stability in 6.3.1-028.
    Enhancements and Fixes in AsyncOS 6.3.1-028 for Web
    Fixed: Some transparent HTTPS requests erroneously bypass all Routing Policies
    and go directly to the Internet. [Defect ID: 55596]
    Previously, when Routing Policy membership depended on data in a request header,
    such as the URL, then transparent HTTPS requests failed to match the Routing Policy.
    Instead, they were routed directly to the Internet. This no longer occurs.
    Now, those transparent HTTPS requests match the Default Routing Policy.
    Fixed: Web Proxy generates a core file and restarts in some cases. [Defect ID: 65975]
    Previously, the Web Proxy generated a core file and restarted when repeatedly connecting to
    servers that delivered 503 Bad Gateway responses to the Web Proxy. This no longer occurs.
    For further information about this release, please refer to the AsyncOS Release Notes on our Support Portal:
    http://www.ironport.com/support/
    While you are there, take the chance to have a look at the other new releases available currently:
    Sawmill 7.3.2 and AsyncOS 6.3.3 FCS.
    For an overview over the different release stages, have a look at this knowledge base article:
    http://tinyurl.com/yzm4ysu
    Best Regards,
    Jakob


  • AsyncOS 6.3.5-015 for Web

    We are currently running 6.3.3-015 but are running
    something called defect 44344.
    They say our proxy service is crashing which is causing timeouts on web surfing.
    Ironport suggests going version 6.3.5-015 but I'm not sure how stable that version is and how long it has been released.
    Anyone have any experience w/ AsyncOS 6.3.5-015?
    thx,
    cris


  • AsyncOS 7.1.1-037 for web

    I see that release 7.1.1-037 is available for the WSA. Is there anywhere I can find the release notes/resolved & open caveats for this upgrade? As seems typical, on a bleeding edge release it's near impossible to find any documentation on Cisco's website, yet the upgrade is available to apply.
    I'm running 7.1.1-033 (installed it hours before Cisco yanked the upgrade due to bugs, thankfully I haven't experienced any of these bugs, since there is no rollback feature in the WSA)
    I appreciate any information.
    -Ryan

    Eric, thanks for the reply and the link to the general release notes for the WSA.
    Unfortunately, the link you provided does not include the release notes (and/or resolved/open caveats) for 7.1.1-037 (or 7.1.1-033 for that matter).
    My original question still stands:  is there somewhere that the release notes for 7.1.1-037 are posted (bug tracker, perhaps?) or does a customer blindly have to upgrade to 7.1.1-037, not knowing what bugs are fixed or open, or do they have to wait until Cisco sends out an email to Ironport customers stating the availability of the new release (which usually includes the release notes)?  
    I have seen significant delays between the WSA showing an upgrade path, and Cisco "officially" emailing customers about said upgrade.  
    In my opinion, it is always a good practice to have the related documentation (release notes, for example) available to customers when you make an upgrade available, OR, hold off on making the upgrade available until said documentation is available. Such a practice can avoid potential confusion for the end-user.
    thanks again for your assistance,
    -Ryan

  • AsyncOS 6.3.3 for Web is GA

    Hi,
    Cisco is pleased to announce a maintenance release of AsyncOS 6.3.3-015 for Web to all customers (GA). This release applies to all our Web Security Appliances (S-Series).
    Enhancements and Fixes in AsyncOS 6.3.3-015 for Web
    Fixed: Web Proxy returns incomplete web pages from objects in the web cache in some cases [Defect ID: 66076]
    Fixed: Uploading data to servers using a POST command fails in some cases [Defect ID: 52504]
    Fixed: Appliance may lock up or reboot when tailing access logs in some cases [Defect ID: 42438]
    Fixed: TLS/SSL Man-in-the-Middle Vulnerability [Defect ID: 55972]
    Fixed: hostkeyconfig CLI command erroneously returns a traceback in some cases [Defect ID: 48748]
    Fixed: Cannot join the Active Directory domain in some cases [Defect ID: 54854]
    For further information about this release, please refer to the AsyncOS Release Notes. The release notes are available on our Support Portal.
    Release Stage
    General Availability (GA): This release is available to all our customers and is a recommended build to be used in your production environments.
    Please have a look at the release notes and give the new build a spin!
    Thank you for choosing Cisco IronPort Security Products.
    Cheers,
    Jakob


  • AsyncOS 6.3.1-025 and 6.0.2-017 for Web are GA

    Dear Cisco IronPort Customer,
    IronPort, now part of Cisco, is pleased to announce the General Availability (GA) of the two maintenance releases of AsyncOS 6.3.1-025 for Web and 6.0.2-017 for Web to all customers. These releases apply to all our Web Security Appliances (S-Series).
    Enhancements and Fixes in AsyncOS 6.3.1-025 for Web
    Partial list of defects fixed in 6.3.1-025
    * Fixed: Web Security appliance spontaneously reboots due to a slow memory leak when clients used NTLMv1 authentication in some cases. [Defect ID: 52548]
    * Fixed: Webroot scanning engine stops working when downloading some .cab files. [Defect ID: 53793]
    * Fixed: Web Proxy generates a core file after a client sends a POST request to a server that returns a 503 “Service Unavailable” message in some cases. [Defect ID: 54019]
    * Fixed: Web interface erroneously shows 100% CPU utilization when rate is lower. [Defect ID: 54767]
    * Fixed: Web Proxy generates a core file and restarts in some cases. [Defect ID: 54890]
    * Fixed: Web Proxy generates a core file and restarts after processing some HTTPS requests in some cases. [Defect ID: 55407]
    Enhancements and Fixes in AsyncOS 6.0.2-017 for Web
    Partial list of defects fixed in 6.0.2-017
    * Enhancement: Added support for NTLM proxy authentication against Windows 2008 Server R2. [Defect ID: 49114]
    * Fixed: Web Security appliance spontaneously reboots due to a slow memory leak when clients used NTLMv1 authentication in some cases. [Defect ID: 52548]
    * Fixed: Webroot scanning engine stops working when downloading some .cab files. [Defect ID: 53793]
    * Fixed: WBNP engine erroneously runs at 100% due to a memory leak. [Defect ID: 54034]
    * Fixed: Web interface erroneously shows 100% CPU utilization when rate is lower. [Defect ID: 54767]
    * Fixed: Vulnerability in Secure Sockets Layer (SSL) certificates. [Defect ID: 55278]
    * Fixed: Web Proxy generates a core file and restarts after processing some HTTPS requests in some cases. [Defect ID: 55407]
    For further information about these releases, please refer to the AsyncOS Release Notes. The release notes are available on our Support Portal:
    https://supportportal.ironport.com
    If you are concerned about an issue not listed there, please contact your authorized support provider to make an inquiry.
    How to Upgrade
    Prior to upgrading, please read the Release Notes referenced above and save a copy of the configuration file somewhere other than on your appliance.
    Once you have read the Release Notes you may log into the command line of your IronPort Appliance as the 'admin' user, and type 'upgrade', or use the WebUI upgrade functionality in the "System Administration" tab.
    **NOTE** It is important that you follow the upgrade instructions available in the Release Notes. If you do attempt to upgrade and do not see the desired release version available, your appliance is likely not on a version allowed to upgrade directly. See 'Upgrade Paths', below.
    Upgrade Paths
    Please refer to the Release Notes for qualified upgrade paths.
    If your systems are on any other AsyncOS release, you will need to perform multiple upgrades as specified in the release notes. Only the immediate next step in the upgrade path will be shown to you, with the next revision being shown once you are at the approved level.
    Release Stage
    General Availability (GA): This release is available to all our customers and is a recommended build to be used in your production environments.
    Thank you for choosing Cisco IronPort Security Products.
    Best Regards,
    Jakob

    6.3.1-025 is GA and anybody can upgrade. Release notes can be found on the portal.
    Notifications are done in several stages so not every customer is notified on the first day of GA.
    I'll post a GA announcement here on the portal as well - sorry for the delay.
    Best,
    Jakob

  • AsyncOS 5.1.2 for Web is now available

    IronPort Systems is pleased to announce the availability of AsyncOS 5.1.2-001 for Web on IronPort S-Series Web Security Appliances.
    This maintenance release contains all of the critical fixes from the 4 hot patch builds since the AsyncOS 5.1.1 maintenance build (5.1.1-002). These fixes fall into the following general categories:
    * HTTP proxy, protocol, and caching
    * Authentication
    * URL filtering
    * Policy configuration

    5.2.0 Stage 1 limited public release is available right now. If you contact your sales / SE person, they can have you provisioned to upgrade.
    The full public release will be available within the next 4-6 weeks.
    It is general policy to trickle the availability of a minor version before making it generally available, but this is an official (non-beta) release.

  • AsyncOS 5.7.1 for Web / 6.7.0 for Management are GA

    Hi,
    On 07/16 we released the combo of AsyncOS 5.7.1 for Web / 6.7.0 for Management to all our customers. Those releases will allow you to centrally manage your WSAs using a Security Management Appliance (M-Series).
    * New Feature: Centralized WSA policy management
    * New Feature: Delegated Administration for WSA policies
    * New Feature: Role-based access control with new pre-built administrator roles
    * New Feature: LDAP – AD/Radius authentication
    * New Feature: Configuration History Logs for compliance/governance needs
    Partial list of defects fixed in 6.7.0-344
    * Fixed: LDAP Connections Greatly Exceed the Maximum Specified in the LDAP Server Profile [Defect ID: 45194]
    * Fixed: Exported IP Address Search Results for Incoming Mail Shows “Last Sender Group” Twice [Defect ID: 43218]
    * Fixed: Revert Does Not Reset Configuration Settings to the Default Values [Defect ID: 47153]
    AsyncOS 5.7.1-006 for Web contains the fixes that were included in 5.6.6-006 as well.
    For further information about these releases, please refer to the AsyncOS Release Notes or contact Cisco IronPort Customer Support if you have questions in regards to anything specific that is not listed there. The release notes are available on our Support Portal:
    https://supportportal.ironport.com
    Once again I'd like to remind everybody that there is no upgrade path between AsyncOS 5.7.1 for Web and AsyncOS 6.0.0 for Web.
    Please read the release notes and have a look at this KB article before making your upgrade decision:
    http://tinyurl.com/mpd4wc
    It has been an interesting week with three new releases each with a different focus. Make your choice and give it a spin :)
    Best,
    Jakob

    Do you guys ever sleep?

  • Cisco IronPort AsyncOS 6.7.6-068 for Management GA Notification

    Cisco is pleased to announce the General Availability (GA) of a new major release of AsyncOS 6.7.6-068 for Management to all customers. This release applies to all our Security Management Appliances (M-Series).
    AsyncOS 6.7.6-068 for Management enables Centralized Tracking and Reporting for the new features introduced in AsyncOS 7.0 for Email.
    New Features and Enhancements in AsyncOS 6.7.6-068 for Management
    New Feature: Centralized support for the reporting and tracking changes in the AsyncOS for Email release 7.0:
    RSA Data Loss Prevention
    Marketing Message Detection
    New Feature: Reporting by ESA Groups
    Enhanced: Domain-Based Executive Summary Report now configurable by:
    Domain of Email Server
    Domain of Email Address
    Fixes in AsyncOS 6.7.6-068 for Management
    Fixed: MemoryError after losing Housekeeper thread [Defect ID: 52048]
    Fixed: The Show Details link results in a timeout [Defect ID: 51558]
    Fixed: Safelist/Blocklist should be exportable via CLI [Defect ID: 43360]
    Fixed: LDAP Query strips spaces [Defect ID: 46099]
    Fixed: Tracking database time does not update after system timezone is changed [Defect ID: 49407]
    Fixed: Application error when accessing Online Help from the End User Spam Quarantine page [Defect ID: 52395]
    This release has gone through our beta program, internal soak tests and is also running in production at our FCS customers.
    Please upgrade at your convenience and let us know how you like this new release!
    Cheers,
    Jakob

    Hi,
    We identified an issue in AsyncOS 6.7.6-068 for Management that under certain circumstances can cause loss of historical reporting data when reporting groups are configured. To ensure a high quality release, further testing on our side is required.
    6.7.6-068 is no longer available for upgrade to your M-Series appliances.
    If you already upgraded to 6.7.6-068 we strongly recommend to disable group based reporting to avoid being affected.
    We expect to release a new improved build of 6.7.6 shortly and apologize for any inconvenience or confusion this might have caused.
    If you are required to upgrade to 6.7.6 before a new build is available, please contact Cisco IronPort Customer Support.
    I'll let you know once the new build is available...
    Best Regards,
    Jakob

  • Need Help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect

    Hi All,
    I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
    2811 having C2800NM-ADVIPSERVICESK9-M
    2811 router connects to the Internet SW then connects to the Internet router.
    Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
    Below is router config for VPN & NAT
    crypto keyring ISR_Keyring
      pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp keepalive 10
    crypto isakmp profile isa-profile
       keyring ISR_Keyring
       self-identity user-fqdn [email protected]
       match identity user vpn-proxy.websense.net
    crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
    crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
    set peer vpn.websense.net dynamic
    set transform-set ESP-NULL-SHA
    set isakmp-profile isa-profile
    match address 101
    interface FastEthernet0/1
    description connected to Internet
    ip address 216.222.208.101 255.255.255.128
    ip access-group HVAC_Public in
    ip nat outside
    ip virtual-reassembly
    duplex full
    speed 100
    no cdp enable
    crypto map GUEST_WEB_FILTER
    access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
    access-list 103 permit ip 192.168.8.0 0.0.3.255 any
    ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
    ip nat inside source list 103 interface FastEthernet0/1 overload
    ip nat inside source route-map nonat pool mypool overload

    How does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
    Check
    show crypto isakmp sa
    show crypto ipsec sa
    show crypto session
    You'd better remove the preshared key from your post.

  • Cisco IronPort AsyncOS 7.0.1-010 for Email GA Notification

    Cisco is pleased to announce the General Availability (GA) of a new major release of AsyncOS 7.0.1-010 for Email to all customers. This release applies to all our Email Security Appliances (C- and X-Series). Code named "Bally's" internally (yes, after the Casino), this release is packed with major new functionality. We have completed our usual, extensive Beta test process as well as a 2 month FCS time period; over 500 customers have already upgraded. Though we always recommend customers test out new releases before upgrading all of your production servers, we have great confidence in this release. Please upgrade and tell us what you think!
    Note for Security Management Appliance (SMA) customers. To report on the new features in 7.0.1, you'll need to upgrade your M-Series to AsyncOS 6.7.6-068.
    New Features and Enhancements in AsyncOS 7.0.1-010 for Email
    New Feature: RSA Email Data Loss Prevention (requires Feature Key)
    New Feature: Guaranteed Secure Delivery (requires PXE Encryption Feature Key)
    New Feature: Unwanted Marketing Message Detection
    Enhanced: Prioritized SMTP Routes
    Enhanced: RADIUS Groups and Protocols for External Authentication
    Enhanced: Quarantined Messages Attachments Enhancements
    Enhanced: PXE Encryption Enhancements
    PXE Encryption Enhancements
    AsyncOS 7.0 provides the following enhancements to IronPort Email Encryption:
    Guaranteed Secure Delivery
    Encrypt on Delivery
    Encrypt on Quarantine Exit
    Multi-Envelope Branding
    Automatic PXE Engine Updates
    Fixes in AsyncOS 7.0.1-010
    Fixed: TLS/SSL Man-in-the-Middle Vulnerability [Defect ID: 55972]
    Fixed: Reporting Engine Stops Allocating Memory, Stops Processing Data, and Causes an Application Fault When the Housekeeper Thread Stops [Defect ID: 52048]

    Thanks!
    Since I started on Ironport ESA 3 years ago, UCE handling has always been problematic (basically, UCE is never treated as spam).
    I hope the new Unwanted Marketing Message Detection feature fixes that!

  • WLC: which software-version support SHA2 certificates for Web Authentication and Web Management?

    Hello,
    I tried to install new SHA2 3rd-party certificates on our WLCs. There are old WiSM1-Boards and 2504 to support our old 1230 Access Points, running 7.0.251.2, which didn't install it, although the config manual for 7.6 and 8.0 say that SHA2 certificates are supported since 7.0.250.0. When I tried to install the SHA2-certificates I get the message "File transfer failed" and the log says:
    *TransferTask: Dec 12 13:22:14.394: #UPDATE-3-CERT_INST_FAIL: updcode.c:1869 Failed to install Webauth certificate. rc = 1
    *TransferTask: Dec 12 13:22:14.394: #SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4085 Cannot PEM decode private key
    I tried to install the same certificates on our WiSM2-Boards, running 7.4.121.0 and I failed too. The same certificates could be installed on a 2504 running 8.0.100 without any problems.
    In all 3 cases I tried to install unchained certificates for web management and Level 3 chained certificates for web authentication. I used the following guides to get the certificates (e.g. taken from the config manual 8.0.100):
    http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/70584-csr-wlc-00.pdf
    Which software versions support SHA2 certificates and which didn't? Is there a list for it?
    Regards

    Hello,
    I solved the problem. First I used a Debian Linux system with Openssl 1.0.1. After I searched the internet using one of the log messages above I found sites which mentioned to use Openssl 0.9.x. So I tried a productive and security fixes Debian Linux System running Openssl 0.9.8 and I succeeded. The wlcs accepted the certificate files and used it after a reboot. The Web GUI still shows a SHA1 Fingerprint, but the certificate signature Algorithm is SHA2:
    Signature Algorithm: sha256WithRSAEncryption
    When you check the openssl.org homepage Openssl 0.9.8 is still one of the actual version of openssl and is still available and fixed. But the Openssl Roadmap says:
    "We don't want to have to maintain too many branches. This is likely to include a timescale for the EOL of version 0.9.8"
    I don't know the differences between certificates made with openssl 0.9.8 and 1.0.1. Is there anybody who can explain it to me?
    Regards
