ASA SHA2 Support with Self-Signed Certificates

Is it possible to use the SHA2 signature algorithm when generating a self-signed certificate on an ASA? I can't seem to find any documentation showing commands that have control of things like the signature algorithm when using self-signed certificates. I've seen documentation that SHA2 is supported as of 8.4.2 for the signature algorithm, but it always refers to importing a certificate from some external CA.

1 ACCEPTED SOLUTION

Cisco Employee

Hi William,

You can only generate a SHA1 self-signed certificate on the ASA. The workaround is to import a 3rd-party certificate with the SHA2 signature algorithm.

Here is the enhancement request for the same:

ASA support for SHA-2 for crypto IPsec and PKI operations 
CSCuj67576
https://tools.cisco.com/bugsearch/bug/CSCuj67576/?reffering_site=dumpcr

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.


How to generate a self-signed certificate with the MD5 hash signature algorithm instead of the default SHA1 signature algorithm? Could not find CLI commands under the trustpoint config to change the default SHA1 hashing method to MD5.

Cisco ASA 5550 - Running 8.4.7(30)
