
ACE20 and hashing algorithm

e.pedersen
Beginner

I have a secure website behind a Cisco ACE20 using A2(3.2). Everything is working great. Only that now I need to renew my certificate. When creating the CSR and sending it to my CA I get this warning:

"Alert: Your CSR has been signed using the MD5 hashing algorithm. While the MD5 hashing algorithm is not optimal it will not prevent you from using this CSR to enroll for your SSL certificate. VeriSign best practices recommend that you use a different hashing algorithm for the signature. CSR Information"

Anybody know if it is possible to use SHA instead of MD5 or what can I do in this case?

Accepted Solutions

stephen.stack
Enthusiast

I don't think you can change the signing method for CSRs on the ACE directly. But I would use something like OpenSSL to generate the CSR for SHA.

http://gnuwin32.sourceforge.net/packages/openssl.htm

openssl req -out c:\CSR.csr -new -newkey rsa:2048 -nodes -keyout c:\privateKey.key -sha1

The above will load a wizard-format questionnaire for your CSR parameters similar to the ACE.

You can then upload your key, and cert when you get it to the ACE afterwards.

==========================
http://www.rConfig.com 

A free, open source network device configuration management tool, customizable to your needs!

- Always vote on an answer if you found it helpful
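
As an added example (not part of the original post, and not the poster's or Cisco's code): the script below generates the key and CSR without prompts, then reads back the CSR's signature algorithm so an MD5 or SHA-1 signature is caught before the request goes to the CA. It uses -sha256 where the answer's command uses -sha1; the file names, subject and function names are assumptions.

```shell
#!/bin/sh
# Added example: create a CSR with an explicit digest and check what was
# actually used to sign it. Paths and subject are constructed placeholders.

# Print the signature algorithm recorded in a PEM-encoded CSR.
csr_sig_alg() {
    openssl req -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# Return 0 when the algorithm name is based on MD5 or SHA-1.
is_weak_sig_alg() {
    case "$1" in
        md5*|MD5*|sha1*|SHA1*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create a 2048-bit RSA key and a SHA-256-signed CSR.
# $1 = key file, $2 = CSR file, $3 = subject (e.g. /CN=www.example.com)
make_csr() {
    # umask in a subshell so the private key is not group/world readable.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -keyout "$1" -out "$2" -subj "$3" 2>/dev/null )
}

# Generate the CSR, verify its self-signature, print the algorithm.
# Returns 0 if acceptable, 1 if MD5/SHA-1, 2 or 3 on OpenSSL errors.
check_new_csr() {
    make_csr "$1" "$2" "$3" || return 2
    openssl req -in "$2" -noout -verify >/dev/null 2>&1 || return 3
    alg=$(csr_sig_alg "$2")
    echo "$alg"
    if is_weak_sig_alg "$alg"; then return 1; fi
    return 0
}

# Demo run in a throwaway directory with a constructed subject.
tmp=$(mktemp -d)
if alg=$(check_new_csr "$tmp/site.key" "$tmp/site.csr" \
        "/C=US/O=Example Org/CN=www.example.com"); then
    echo "CSR ready to submit, signed with: $alg"
else
    echo "CSR rejected, signature algorithm: $alg"
fi
rm -rf "$tmp"
```

The same `csr_sig_alg` check can be pointed at a CSR exported from the ACE to confirm what the CA's warning reports.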


Thanks Stephen. I created the CSR on a Linux box using OpenSSL as you say and it worked great.
