Solved: Re: SHA-2 PKI Support on Cisco Switches

umahar · ‎03-01-2018

Hi,

I am trying to find out the IOS versions which support SHA-2 for device certificate but I am not able to find out relevant source.

Could anyone point me in the direction which mentions what versions (3.6.X, 15.0.X, 15.2.X) support SHA-2 for device certificate ?

umahar · ‎03-01-2018

This came up during an ISE engagement as initial web redirection would throw the switch certificate to the client and customer wanted this certificate to be SHA-2.

I couldn't find this support being mentioned in any of the release notes or navigation feature but I was able to successfully import a SHA-256 PKCS12 cert into 3.6.X and 15.0.2 train.

View solution in original post

hslai · ‎03-01-2018

This topic is not related to ISE, is it?

The certificates issued by ISE internal CA are not supported to work on Cisco IOS devices.

umahar · ‎03-01-2018

This came up during an ISE engagement as initial web redirection would throw the switch certificate to the client and customer wanted this certificate to be SHA-2.

I couldn't find this support being mentioned in any of the release notes or navigation feature but I was able to successfully import a SHA-256 PKCS12 cert into 3.6.X and 15.0.2 train.

hslai · ‎03-04-2018

Great. Lab tests are the best. Any issue on this would need to go to the switch platform teams, tho.