Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1029
Views
25
Helpful
4
Replies

How to specify the SHA1/SHA2 when generate CSR on CWMS

Go to solution
ctechavalitpho
Level 1
Level 1

‎06-23-2015 01:20 AM - edited ‎03-17-2019 05:17 PM

Hi,

What is the default SHA algorithm on CWMS when generating CSR?  SHA1/SHA2?

How can I specify SHA2 CSR for public CA?

Adam.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dpetrovi
Cisco Employee
Cisco Employee

‎06-24-2015 09:34 AM

Hi Adam,

In CWMS 2.0, CSR is generated with SHA1, while in CWMS 2.5, CSR is generated with SHA2.

You cannot specify this when generating CSR via CWMS Admin interface. 

-Dejan

View solution in original post

4 Replies 4

Go to solution
dpetrovi
Cisco Employee
Cisco Employee

‎06-24-2015 09:34 AM

Hi Adam,

In CWMS 2.0, CSR is generated with SHA1, while in CWMS 2.5, CSR is generated with SHA2.

You cannot specify this when generating CSR via CWMS Admin interface. 

-Dejan

Go to solution
ctechavalitpho
Level 1
Level 1
In response to dpetrovi

‎06-24-2015 04:41 PM

Is there any doc support? I need some reference for explain to client.

0 Helpful

Go to solution
Terry Cheema
VIP Alumni
VIP Alumni
In response to ctechavalitpho

‎06-24-2015 05:36 PM

Apart from this little note here, I dont think this is published anywhere on CCO:

http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_0111.html

But SHA1 has multiple vulnerabilities and is set to be deprecated. Here is the information posted by NIST itself recommending to stop using the SHA1.

http://csrc.nist.gov/groups/ST/hash/policy.html

And if you just google SHA1 sunset or SHA1 deprecated you come along plenty of information, for example, below URL to justify the use of SHA2.
http://www.symantec.com/page.jsp?id=sha2-transition

-Terry

Please rate all helpful posts

Go to solution
dpetrovi
Cisco Employee
Cisco Employee
In response to ctechavalitpho

‎06-25-2015 05:13 AM

And to add to Terry's comment, I've filed a documentation enhancement request to include this information in official CWMS documentation: CSCuv03028 Need to document what encryption (SHA1/SHA2) is used to generate CSR.

 

We can expect the documentation to be updated in the next few weeks (I expect it to be included in Administration/Configuration guide under Certificates section once available).

-Dejan

 

Customers Also Viewed These Support Documents