Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

317
Views
0
Helpful
0
Replies
Highlighted
euanellis
Beginner
Beginner
‎08-06-2020 04:21 AM
‎08-06-2020 04:21 AM

Cisco IOS root ca fingerprint

Hi everyone,

We are deploying a IOS Cisco root CA and the root ca certificate is persistently being generated with an MD5 and SHA1 fingerprint. We have been able to configure the PKI sign identity certificates with SHA256 etc but failed with the root ca. 

 

How do you change the fingerprint on the Root CA to be more secure; ie. SHA256 or SHA512? 

 

Redacted config extract shown below:

 

crypto pki server ROOTCA

 database level complete

 database archive pkcs12 password

 issuer-name CN=RootCA,ou=pki, o=hash

 grant auto trustpoint ROOTCA

 hash sha512

 lifetime certificate 180

 lifetime ca-certificate 730

 auto-rollover 90

!

crypto pki trustpoint ROOTCA

 revocation-check crl

 rsakeypair ROOTCA

 regenerate

 hash sha256

 

CA Certificate

  Status: Available

  Version: 3

  Certificate Serial Number (hex): 02

  Certificate Usage: Signature

  Issuer:

    cn=RootCA

    ou=pki

    o=hash

  Subject:

    cn=RootCA

    ou=pki

    o=hash

  Validity Date:

    start date: 10:54:39 UTC Aug 6 2020

    end   date: 10:54:39 UTC Aug 6 2022

  Subject Key Info:

    Public Key Algorithm: rsaEncryption

    RSA Public Key: (4096 bit)

  Signature Algorithm: SHA512 with RSA Encryption

  Fingerprint MD5: ***some hash***

  Fingerprint SHA1: *** some hash***

0 Helpful
0 REPLIES 0
Latest Contents
securing n5548af with copp
Created by blackmetal on 09-27-2020 12:08 AM
0
0
0
0
Hello,i have a N5k-k5548up-af and i have a acl for trusted network which is attached to line vty and to my uplinks interface, and i have around 250 interface vlan and my interface vlans can reach bgp port or snmp port, is there nayway that tune copp to pe... view more
From Zero to CCIE Security: Tips to Prepare for the CCNP & C...
Created by ciscomoderator on 09-25-2020 05:58 PM
0
5
0
5
This event had place on Tuesday 22nd, Septemberat 10hrs PDT  Introduction Featured Author Omar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. His active role help... view more
What's New for Cisco Defense Orchestrator (CDO)
Created by Andrew Mallio on 09-25-2020 06:00 AM
1
30
1
30
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.  We make improvement... view more
Getting started with ISE
Created by dgaikwad on 09-24-2020 10:54 PM
2
0
2
0
There has been a lot of grey area when one needs to get started with ISE or when one does not have any specific background.Could you please guide me to what are the thing that one needs to know inside out and what are the things which require only a minim... view more
FMC - Error while trying to insert object via Python
Created by isaac_ferreira on 09-24-2020 08:12 PM
0
0
0
0
Hello Guys, I'm trying to create a simple script to create new objects on FMC via API, but I'm facing issues(Python 3.8). Script(that pretty simple, I'm not programmer, but I'm trying): import base64import sysimport requestsimport reimport ... view more
Content for Community-Ad