Create a Certificate Signing Request (CSR) with an SHA-2 cryptographic hash function on the ProxySG
Article ID: 168258
Updated On:
Products
Asset Management Solution
ProxySG Software - SGOS
Issue/Introduction
Starting in SGOS 6.5.9.2, you can specify the signing hash when you create the individual Certificate Signing Request (CSR). The following information is for SGOS versions 6.5.4.1 through 6.5.9.1.
CSRs on the ProxySG appliance are by default generated for use with an SHA-1 cryptographic hash function. Using the SHA-1 hash function is not an issue if you are requesting a certificate from the Certificate Authority (CA) because the CA applies the required hash function (SHA256) to the certificate when signing the CSR.
A hidden command exists that allows you to configure the appliance to use the SHA-2 hash function when creating a CSR. To change the default SHA-1 hash function to SHA-2, log in to the CLI and type the following commands:
>en
#config t
#(config)security default-signing-hash (sha1|sha256|sha512)
CSRs on the ProxySG appliance are by default generated for use with an SHA-1 cryptographic hash function. Using the SHA-1 hash function is not an issue if you are requesting a certificate from the Certificate Authority (CA) because the CA applies the required hash function (SHA256) to the certificate when signing the CSR.
A hidden command exists that allows you to configure the appliance to use the SHA-2 hash function when creating a CSR. To change the default SHA-1 hash function to SHA-2, log in to the CLI and type the following commands:
>en
#config t
#(config)security default-signing-hash (sha1|sha256|sha512)
Feedback
Powered by
