Forum Discussion
nitass
Employee
i understand by default it is changed to sha256 since 11.5.0.
ID389552 - Use SHA-256 instead of SHA1 when signing RSA keys.
this is 11.6.0.
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) create sys crypto key test.key key-size 2048 gen-csr country US city Seattle state WA organization acme ou IT common-name test.acme.com email-address test@acme.com
To sign a third party certificate use:
-----BEGIN CERTIFICATE REQUEST-----
MIIC4TCCAckCAQAwfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQH
EwdTZWF0dGxlMQ0wCwYDVQQKEwRhY21lMQswCQYDVQQLEwJJVDEWMBQGA1UEAxMN
dGVzdC5hY21lLmNvbTEcMBoGCSqGSIb3DQEJARYNdGVzdEBhY21lLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5Uw3n1e6dMTVmqcxo+6nrjSQOY
ABgvId7WawMVPAti6oSSZNNx0DbwJhdzd/9sfvBLKVpfak8WdH0KjrIdUyriqIwY
XZisMwqMNXgAZUgEym1azgPAYUSUuXDjT6OSJcEY2+DY0ilwc/VODm5kQPCs48Fn
+q6Y7Fz+g80gDnle9pKm/1ivnsrbFxEIoDwVUUPhjFTeCcPOkUcHMsM0oUWfFF1b
kxWBt7c8Qba/cv7IbTADlDn5V72fEhGTIFkrzxmlRbdlt4UNSmSLZDd/1+vUw8re
DcedSdVaRcnud+5T+t+6xZAmFDug0qLg17qo0Zj8nvZ+VeEue2zLmR42KC8CAwEA
AaAeMBwGCSqGSIb3DQEJATEPFg10ZXN0QGFjbWUuY29tMA0GCSqGSIb3DQEBCwUA
A4IBAQAdDk2q8Bq6Fpbt4N4rG5WADC13ohroFaHLt1V0wHUsrDrhH9OmFGZVKIrt
9o2yZGOvynn9Nc4DpvSHOF8e5mH5gejmrmtkfLI3JlcRLe9iyc0muwFvPKfyFTZk
/+BL1CGmbUUAmfLBOHNZS/eF4665ePwz74YsfdsehFMMKvkrz0cUea78zPaboKBn
wldgyD83k9VthnmZ0yU9phIGSE7QcGGeVfs6Q/hS8MzD70f4r16HZSrfB4UFV8OO
WF+NrVDRgaMsp3LtHpZfIk1XXAol2DYgYNZjEcteZ++5j9c/OpiWjTYQkMGSQd/G
X7K2wb7EykRd1oxYwj0J3EVWuTCw
-----END CERTIFICATE REQUEST-----
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) q
[root@ve11c:Active:In Sync] config
[root@ve11c:Active:In Sync] config openssl req -noout -text -in /config/ssl/ssl.csr/test.csr | grep -i signature
Signature Algorithm: sha256WithRSAEncryption
Jorge_Herran_14
May 07, 2015Altostratus
Hi nitass you know i checked the certificate that i have generated from the graphical interface and you know it is sha256, so when you select RSA on the version 11.6, it use by defect sha256.
There is my check thanks to your info:
[root@ltm1:Active:In Sync] config openssl req -noout -text -in /config/ssl/ssl
.csr/aunclic.grupobancolombia.com.csr | grep -i signature
Signature Algorithm: sha256WithRSAEncryption