OpenSSL error while converting .p12 to .cer

openssl pkcs12 -nokeys -clcerts -in <filename.p12> -out <filename.cer>

Enter Import Password:
Error outputting keys and certificates
4087C8485B7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

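The PKCS#12 file is encrypted with RC2-40-CBC, which OpenSSL 3.x only provides through its legacy provider. Try adding -legacy: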

openssl pkcs12 -nokeys -clcerts -in <filename.p12> -out <filename.cer> -legacy

FMC deploy stuck / cannot log in to FMC?

  1. SSH to the FMC, enter expert mode (expert), then sudo su
  2. /etc/rc.d/init.d/console restart
  3. OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification;" | grep "\ 7\ "
  4. OmniQuery.pl -db mdb -e 'delete from notification where uuid=unhex("HEX-NUMBER-FROM-OUTPUT");'
  5. OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification;" | grep "\ 7\ "

source1, source2

ACS 5.8 to ISE 3.0 migration: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]

Tried to migrate ACS 5.8 to ISE 3.0 but I was getting the following message: “The server selected protocol version TLS10 is not accepted by client preferences [TLS12]”.
Since TLS 1.0 is disabled by default, I had to enable it in the Java Control Panel (Oracle Java 1.8), edit the file C:\Program Files (x86)\Java\jre1.8.<some_version>\lib\security\java.security to remove TLSv1 from the jdk.tls.disabledAlgorithms option, and finally restart the migration application.

You can do the same in a Linux environment for OpenJDK by editing /usr/lib/jvm/java-11-openjdk-amd64/conf/security/java.security

Thanks to Stack Overflow

Use Talos IP Blacklist on your ASA

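Create a bash script:

#!/bin/bash
# Download the current Talos list. -O overwrites the previous copy, so a
# re-run never reads a stale file (wget would otherwise save ip-blacklist.1).
wget -q -O ip-blacklist https://talosintelligence.com/documents/ip-blacklist || exit 1
# One address per entry (field 2 when a line is ';'-separated).
ipblack=( $(cut -d ';' -f2 ip-blacklist) )

echo "conf t"
# Give every address a name.
for ip in "${ipblack[@]}"; do
    echo "name $ip TALOS_BLACKLIST_$ip"
done

# Rebuild the object-group from scratch.
echo "no object-group network TALOS_BLACKLIST"
echo "object-group network TALOS_BLACKLIST"
for ip in "${ipblack[@]}"; do
    echo "network-object host $ip"
done
echo "!"
echo "exit"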

Run it, then copy and paste the contents of talos-blacklist.cfg to your ASA:

        ./talos-ipblacklist.sh > talos-blacklist.cfg
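
The script above turns whatever the download contains into firewall configuration, so the feed is worth validating first. The following is an added example, not part of the original post: it keeps only well-formed public IPv4 host addresses and refuses to emit config when nothing valid remains. The function names is_public_ipv4, feed_to_asa and sample_feed are this example's own, the sample addresses are constructed, and it emits only the object-group lines, not the name lines.

```shell
#!/bin/sh
# Added example, not from the original post. POSIX sh; reads the feed on stdin.
# Succeeds only for a dotted-quad IPv4 host address outside private,
# loopback, link-local, multicast and reserved space.
is_public_ipv4() {
    case "$1" in
        "" | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split into octets
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?* | ????*) return 1 ;; esac   # leading zero / too long
        [ "$octet" -le 255 ] || return 1
    done
    case "$1" in 0 | 10 | 127) return 1 ;; esac
    [ "$1" -lt 224 ] || return 1
    [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && return 1
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 1
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
    return 0
}

# Prints ASA config for the valid entries and logs rejects to stderr.
# Returns 1 and prints no config when nothing valid is left, so a failed
# or empty download never replaces the group with an empty one.
feed_to_asa() {
    valid=$(cut -d ';' -f2 | tr -d '\r' | sort -u | while IFS= read -r ip; do
        if is_public_ipv4 "$ip"; then
            printf '%s\n' "$ip"
        elif [ -n "$ip" ]; then
            printf 'rejected: %s\n' "$ip" >&2
        fi
    done)
    [ -n "$valid" ] || { echo "no valid entries; no config emitted" >&2; return 1; }
    echo "conf t"
    echo "no object-group network TALOS_BLACKLIST"
    echo "object-group network TALOS_BLACKLIST"
    for ip in $valid; do echo "network-object host $ip"; done
    echo "!"
    echo "exit"
}

# Constructed sample feed: two usable hosts, a duplicate, and junk lines.
sample_feed() {
    printf '%s\n' 198.51.100.7 203.0.113.99 198.51.100.7 10.0.0.1 \
        999.1.1.1 '192.0.2.5 any' 192.168.1.1 '' 224.0.0.1
}

sample_feed | feed_to_asa
```

Against the real download, feed the file on stdin (feed_to_asa < ip-blacklist > talos-blacklist.cfg) and check the exit status and the rejected lines on stderr before pasting anything.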

Source