<span style=""><span style="font-family: arial,sans-serif;"><span style="font-size: 10pt;">Starting in SGOS 6.5.9.2, you can specify the signing hash when you create the individual </span></span></span><span style=""><span style="font-family: arial,sans-serif;"><span style="font-size: 10pt;">Certificate Signing Request (CSR)</span></span></span><span style=""><span style="font-family: arial,sans-serif;"><span style="font-size: 10pt;">. </span></span></span> <span style=""><span style="font-family: arial,sans-serif;"><span style="font-size: 10pt;">The following information is for SGOS versions 6.5.4.1 through 6.5.9.1.</span></span></span><br /><br /><span style=""><span style="font-family: arial,sans-serif;"><span style="font-size: 10pt;">CSRs on the ProxySG appliance are by default generated for use with an SHA-1 </span></span></span>cryptographic hash function<span style=""><span style="font-family: arial,sans-serif;"><span style="font-size: 10pt;">. Using the SHA-1 </span></span></span> hash function <span style=""><span style="font-family: arial,sans-serif;"><span style="font-size: 10pt;">is not an issue if you are requesting a certificate from the Certificate Authority (CA) because the CA applies the required hash function (SHA256) to the certificate when signing the CSR.</span></span></span><br /><br />A hidden command exists that allows you to configure the appliance to use the SHA-2 hash function when creating a CSR.<span style="font-family: courier new,courier,monospace;"><span style="font-family: arial,helvetica,sans-serif;"> To change the default SHA-1 </span></span>hash function <span style="font-family: courier new,courier,monospace;"><span style="font-family: arial,helvetica,sans-serif;"> to SHA-2, log in to the CLI and type the following commands:</span><br /><br />><b>en</b></span><br /><span style="">#</span><span style="font-family: courier new,courier,monospace;"><b>config t</b><br />#(config)<b>security default-signing-hash (sha1|sha256|sha512)</b></span><br /><br />