Forum Discussion
nitass
Employee
i understand by default it is changed to sha256 since 11.5.0.
ID389552 - Use SHA-256 instead of SHA1 when signing RSA keys.
this is 11.6.0.
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) create sys crypto key test.key key-size 2048 gen-csr country US city Seattle state WA organization acme ou IT common-name test.acme.com email-address test@acme.com
To sign a third party certificate use:
-----BEGIN CERTIFICATE REQUEST-----
MIIC4TCCAckCAQAwfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQH
EwdTZWF0dGxlMQ0wCwYDVQQKEwRhY21lMQswCQYDVQQLEwJJVDEWMBQGA1UEAxMN
dGVzdC5hY21lLmNvbTEcMBoGCSqGSIb3DQEJARYNdGVzdEBhY21lLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5Uw3n1e6dMTVmqcxo+6nrjSQOY
ABgvId7WawMVPAti6oSSZNNx0DbwJhdzd/9sfvBLKVpfak8WdH0KjrIdUyriqIwY
XZisMwqMNXgAZUgEym1azgPAYUSUuXDjT6OSJcEY2+DY0ilwc/VODm5kQPCs48Fn
+q6Y7Fz+g80gDnle9pKm/1ivnsrbFxEIoDwVUUPhjFTeCcPOkUcHMsM0oUWfFF1b
kxWBt7c8Qba/cv7IbTADlDn5V72fEhGTIFkrzxmlRbdlt4UNSmSLZDd/1+vUw8re
DcedSdVaRcnud+5T+t+6xZAmFDug0qLg17qo0Zj8nvZ+VeEue2zLmR42KC8CAwEA
AaAeMBwGCSqGSIb3DQEJATEPFg10ZXN0QGFjbWUuY29tMA0GCSqGSIb3DQEBCwUA
A4IBAQAdDk2q8Bq6Fpbt4N4rG5WADC13ohroFaHLt1V0wHUsrDrhH9OmFGZVKIrt
9o2yZGOvynn9Nc4DpvSHOF8e5mH5gejmrmtkfLI3JlcRLe9iyc0muwFvPKfyFTZk
/+BL1CGmbUUAmfLBOHNZS/eF4665ePwz74YsfdsehFMMKvkrz0cUea78zPaboKBn
wldgyD83k9VthnmZ0yU9phIGSE7QcGGeVfs6Q/hS8MzD70f4r16HZSrfB4UFV8OO
WF+NrVDRgaMsp3LtHpZfIk1XXAol2DYgYNZjEcteZ++5j9c/OpiWjTYQkMGSQd/G
X7K2wb7EykRd1oxYwj0J3EVWuTCw
-----END CERTIFICATE REQUEST-----
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) q
[root@ve11c:Active:In Sync] config
[root@ve11c:Active:In Sync] config openssl req -noout -text -in /config/ssl/ssl.csr/test.csr | grep -i signature
Signature Algorithm: sha256WithRSAEncryption
nitass
May 07, 2015Employee
yes (in current version).