Forum Discussion
13 Replies
Sort By
- Jorge_Herran_14Altostratus
something useful; I am running in my ltms the last software version
- nitassEmployee
i understand by default it is changed to sha256 since 11.5.0.
ID389552 - Use SHA-256 instead of SHA1 when signing RSA keys.
this is 11.6.0.
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) create sys crypto key test.key key-size 2048 gen-csr country US city Seattle state WA organization acme ou IT common-name test.acme.com email-address test@acme.com To sign a third party certificate use: -----BEGIN CERTIFICATE REQUEST----- MIIC4TCCAckCAQAwfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQH EwdTZWF0dGxlMQ0wCwYDVQQKEwRhY21lMQswCQYDVQQLEwJJVDEWMBQGA1UEAxMN dGVzdC5hY21lLmNvbTEcMBoGCSqGSIb3DQEJARYNdGVzdEBhY21lLmNvbTCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5Uw3n1e6dMTVmqcxo+6nrjSQOY ABgvId7WawMVPAti6oSSZNNx0DbwJhdzd/9sfvBLKVpfak8WdH0KjrIdUyriqIwY XZisMwqMNXgAZUgEym1azgPAYUSUuXDjT6OSJcEY2+DY0ilwc/VODm5kQPCs48Fn +q6Y7Fz+g80gDnle9pKm/1ivnsrbFxEIoDwVUUPhjFTeCcPOkUcHMsM0oUWfFF1b kxWBt7c8Qba/cv7IbTADlDn5V72fEhGTIFkrzxmlRbdlt4UNSmSLZDd/1+vUw8re DcedSdVaRcnud+5T+t+6xZAmFDug0qLg17qo0Zj8nvZ+VeEue2zLmR42KC8CAwEA AaAeMBwGCSqGSIb3DQEJATEPFg10ZXN0QGFjbWUuY29tMA0GCSqGSIb3DQEBCwUA A4IBAQAdDk2q8Bq6Fpbt4N4rG5WADC13ohroFaHLt1V0wHUsrDrhH9OmFGZVKIrt 9o2yZGOvynn9Nc4DpvSHOF8e5mH5gejmrmtkfLI3JlcRLe9iyc0muwFvPKfyFTZk /+BL1CGmbUUAmfLBOHNZS/eF4665ePwz74YsfdsehFMMKvkrz0cUea78zPaboKBn wldgyD83k9VthnmZ0yU9phIGSE7QcGGeVfs6Q/hS8MzD70f4r16HZSrfB4UFV8OO WF+NrVDRgaMsp3LtHpZfIk1XXAol2DYgYNZjEcteZ++5j9c/OpiWjTYQkMGSQd/G X7K2wb7EykRd1oxYwj0J3EVWuTCw -----END CERTIFICATE REQUEST----- root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) q [root@ve11c:Active:In Sync] config [root@ve11c:Active:In Sync] config openssl req -noout -text -in /config/ssl/ssl.csr/test.csr | grep -i signature Signature Algorithm: sha256WithRSAEncryption
- Jorge_Herran_14Altostratusthanks nitass. I will do as you have show me. I understand for your answer that it isn't possbile to do it from the graphical interface right?
- nitassEmployeeyes (in current version).
- Jorge_Herran_14AltostratusHi nitass you know i checked the certificate that i have generated from the graphical interface and you know it is sha256, so when you select RSA on the version 11.6, it use by defect sha256. There is my check thanks to your info: [root@ltm1:Active:In Sync] config openssl req -noout -text -in /config/ssl/ssl .csr/aunclic.grupobancolombia.com.csr | grep -i signature Signature Algorithm: sha256WithRSAEncryption
- nitass_89166Noctilucent
i understand by default it is changed to sha256 since 11.5.0.
ID389552 - Use SHA-256 instead of SHA1 when signing RSA keys.
this is 11.6.0.
root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) create sys crypto key test.key key-size 2048 gen-csr country US city Seattle state WA organization acme ou IT common-name test.acme.com email-address test@acme.com To sign a third party certificate use: -----BEGIN CERTIFICATE REQUEST----- MIIC4TCCAckCAQAwfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQH EwdTZWF0dGxlMQ0wCwYDVQQKEwRhY21lMQswCQYDVQQLEwJJVDEWMBQGA1UEAxMN dGVzdC5hY21lLmNvbTEcMBoGCSqGSIb3DQEJARYNdGVzdEBhY21lLmNvbTCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5Uw3n1e6dMTVmqcxo+6nrjSQOY ABgvId7WawMVPAti6oSSZNNx0DbwJhdzd/9sfvBLKVpfak8WdH0KjrIdUyriqIwY XZisMwqMNXgAZUgEym1azgPAYUSUuXDjT6OSJcEY2+DY0ilwc/VODm5kQPCs48Fn +q6Y7Fz+g80gDnle9pKm/1ivnsrbFxEIoDwVUUPhjFTeCcPOkUcHMsM0oUWfFF1b kxWBt7c8Qba/cv7IbTADlDn5V72fEhGTIFkrzxmlRbdlt4UNSmSLZDd/1+vUw8re DcedSdVaRcnud+5T+t+6xZAmFDug0qLg17qo0Zj8nvZ+VeEue2zLmR42KC8CAwEA AaAeMBwGCSqGSIb3DQEJATEPFg10ZXN0QGFjbWUuY29tMA0GCSqGSIb3DQEBCwUA A4IBAQAdDk2q8Bq6Fpbt4N4rG5WADC13ohroFaHLt1V0wHUsrDrhH9OmFGZVKIrt 9o2yZGOvynn9Nc4DpvSHOF8e5mH5gejmrmtkfLI3JlcRLe9iyc0muwFvPKfyFTZk /+BL1CGmbUUAmfLBOHNZS/eF4665ePwz74YsfdsehFMMKvkrz0cUea78zPaboKBn wldgyD83k9VthnmZ0yU9phIGSE7QcGGeVfs6Q/hS8MzD70f4r16HZSrfB4UFV8OO WF+NrVDRgaMsp3LtHpZfIk1XXAol2DYgYNZjEcteZ++5j9c/OpiWjTYQkMGSQd/G X7K2wb7EykRd1oxYwj0J3EVWuTCw -----END CERTIFICATE REQUEST----- root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) q [root@ve11c:Active:In Sync] config [root@ve11c:Active:In Sync] config openssl req -noout -text -in /config/ssl/ssl.csr/test.csr | grep -i signature Signature Algorithm: sha256WithRSAEncryption
- Jorge_Herran_14Altostratusthanks nitass. I will do as you have show me. I understand for your answer that it isn't possbile to do it from the graphical interface right?
- nitass_89166Noctilucentyes (in current version).
- Jorge_Herran_14AltostratusHi nitass you know i checked the certificate that i have generated from the graphical interface and you know it is sha256, so when you select RSA on the version 11.6, it use by defect sha256. There is my check thanks to your info: [root@ltm1:Active:In Sync] config openssl req -noout -text -in /config/ssl/ssl .csr/aunclic.grupobancolombia.com.csr | grep -i signature Signature Algorithm: sha256WithRSAEncryption