Symptom
Certificate authentication is not working and GETVPN fails to establish the VPN tunnel. The following syslog message is generated:
%CRYPTO_ENGINE-3-CSDL_COMPLIANCE_FAIL_RSA: Cisco PSB security compliance violation is detected. Use of weak (1024 bit) key is denied
Conditions
GETVPN with certificate-based authentication.
Workaround
1) Use more secure certificates with a key size of 2048 bits or longer.
2) Disable CSDL in ROMMON by setting the following variable:
CSDL_MODE_DISABLE=1
Use the "sync" command to apply the changes.
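The following Python script is an added example, not part of the original bug note and not Cisco code: it scans collected syslog for the CSDL_COMPLIANCE_FAIL_RSA message and lists, per device, which key sizes were rejected, so the affected certificates can be reissued as in workaround 1. The log layout, hostnames and the 768-bit line are constructed, and matching key sizes other than 1024 is an assumption.

```python
import re
from collections import defaultdict

# Mnemonic and wording come from the syslog message quoted in the Symptom.
# The key size is matched as a number so other weak sizes are caught too
# (assumption: the message keeps the same wording for other sizes).
CSDL_RSA = re.compile(
    r"%CRYPTO_ENGINE-3-CSDL_COMPLIANCE_FAIL_RSA:.*?\((\d+) bit\) key is denied"
)
MIN_BITS = 2048  # minimum key size named in workaround 1

# Constructed sample lines: hostnames, timestamps and layout are made up.
SAMPLE_LOG = """\
Mar  3 10:15:02 gm-branch-01 101: %CRYPTO_ENGINE-3-CSDL_COMPLIANCE_FAIL_RSA: Cisco PSB security compliance violation is detected. Use of weak (1024 bit) key is denied
Mar  3 10:15:07 gm-branch-01 102: %CRYPTO_ENGINE-3-CSDL_COMPLIANCE_FAIL_RSA: Cisco PSB security compliance violation is detected. Use of weak (1024 bit) key is denied
Mar  3 10:16:40 gm-branch-02 88: %SYS-5-CONFIG_I: Configured from console by admin on vty0
Mar  3 10:17:11 gm-branch-03 412: %CRYPTO_ENGINE-3-CSDL_COMPLIANCE_FAIL_RSA: Cisco PSB security compliance violation is detected. Use of weak (768 bit) key is denied
"""

def host_of(line):
    """Return the hostname field, assuming a 'Mon DD HH:MM:SS host ...' layout."""
    fields = line.split()
    return fields[3] if len(fields) > 3 else "unknown"

def weak_key_rejections(log_text):
    """Map each host to {rejected key size in bits: number of occurrences}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = CSDL_RSA.search(line)
        if m:
            hits[host_of(line)][int(m.group(1))] += 1
    return {host: dict(sizes) for host, sizes in hits.items()}

def reissue_report(log_text):
    """One line per host and key size whose certificate must be replaced."""
    report = []
    for host, sizes in sorted(weak_key_rejections(log_text).items()):
        for bits, count in sorted(sizes.items()):
            report.append(
                f"{host}: {bits}-bit RSA key rejected {count}x, "
                f"reissue with >= {MIN_BITS} bits"
            )
    return report

if __name__ == "__main__":
    print("\n".join(reissue_report(SAMPLE_LOG)))
```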
Further Problem Description