topic NX-OS PKI SHA2 CSR in Application Networking https://community.cisco.com/t5/application-networking/nx-os-pki-sha2-csr/m-p/3009220#M43308 <P><FONT color="#000000" face="Calibri">Hi, </FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri"></FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri">For our production implementation of Cisco Nexus Data Broker on Nexus 3100 series switches we are using centralised mode and OpenFlow.&nbsp; In order to secure the connection between the controller and switch we require TLS and the use of our enterprise PKI.&nbsp; Our PKI supports only SHA2 certificates and has specific requirements for fields to be included in the CSR.</FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri">&nbsp;</FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri">Creating the CSR on within NX-OS provides </FONT><A href="http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/security/6x/b_Cisco_n3k_Security_Config_6x/b_Cisco_n3k_Security_Config_6x_chapter_01100.html#task_2185183"><U><FONT color="#0563c1" face="Calibri">extremely limited options</FONT></U></A><FONT color="#000000" face="Calibri"> and all requests are SHA-1.&nbsp; SHA-1 was officially deprecated by NIST in 2011 yet I see no way of using SHA2 certificates with NX-OS.</FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri"></FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri">I thought of creating the certificate using openssl and then importing in PKCS#12 Format, but not sure whether that will work?&nbsp;&nbsp; Any thoughts?</FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri"></FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri">Cheers, </FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri">Andrew</FONT></P> <P><FONT color="#000000" face="Times New Roman"> </FONT></P> Thu, 27 Apr 2017 14:27:00 GMT Andrew Devine 2017-04-27T14:27:00Z NX-OS PKI SHA2 CSR https://community.cisco.com/t5/application-networking/nx-os-pki-sha2-csr/m-p/3009220#M43308 <P><FONT color="#000000" face="Calibri">Hi, </FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri"></FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri">For our production implementation of Cisco Nexus Data Broker on Nexus 3100 series switches we are using centralised mode and OpenFlow.&nbsp; In order to secure the connection between the controller and switch we require TLS and the use of our enterprise PKI.&nbsp; Our PKI supports only SHA2 certificates and has specific requirements for fields to be included in the CSR.</FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri">&nbsp;</FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri">Creating the CSR on within NX-OS provides </FONT><A href="http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/security/6x/b_Cisco_n3k_Security_Config_6x/b_Cisco_n3k_Security_Config_6x_chapter_01100.html#task_2185183"><U><FONT color="#0563c1" face="Calibri">extremely limited options</FONT></U></A><FONT color="#000000" face="Calibri"> and all requests are SHA-1.&nbsp; SHA-1 was officially deprecated by NIST in 2011 yet I see no way of using SHA2 certificates with NX-OS.</FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri"></FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri">I thought of creating the certificate using openssl and then importing in PKCS#12 Format, but not sure whether that will work?&nbsp;&nbsp; Any thoughts?</FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri"></FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri">Cheers, </FONT></P> <P style="margin: 0cm 0cm 0pt;"><FONT color="#000000" face="Calibri">Andrew</FONT></P> <P><FONT color="#000000" face="Times New Roman"> </FONT></P> Thu, 27 Apr 2017 14:27:00 GMT https://community.cisco.com/t5/application-networking/nx-os-pki-sha2-csr/m-p/3009220#M43308 Andrew Devine 2017-04-27T14:27:00Z Re: NX-OS PKI SHA2 CSR https://community.cisco.com/t5/application-networking/nx-os-pki-sha2-csr/m-p/3744563#M51047 <P>Solved this by enabling bash and using openssl, then importing a pcks12 file</P> <P>&nbsp;</P> Mon, 12 Nov 2018 13:31:12 GMT https://community.cisco.com/t5/application-networking/nx-os-pki-sha2-csr/m-p/3744563#M51047 Andrew Devine 2018-11-12T13:31:12Z