Buy or Renew
Buy or Renew
Welcome to the new Cisco Community. LEARN MORE about the updates and what is coming.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Cisco IOS root ca fingerprint

euanellis
Beginner
Beginner

‎08-06-2020 04:21 AM

Hi everyone,

We are deploying a IOS Cisco root CA and the root ca certificate is persistently being generated with an MD5 and SHA1 fingerprint. We have been able to configure the PKI sign identity certificates with SHA256 etc but failed with the root ca. 

 

How do you change the fingerprint on the Root CA to be more secure; ie. SHA256 or SHA512? 

 

Redacted config extract shown below:

 

crypto pki server ROOTCA

 database level complete

 database archive pkcs12 password

 issuer-name CN=RootCA,ou=pki, o=hash

 grant auto trustpoint ROOTCA

 hash sha512

 lifetime certificate 180

 lifetime ca-certificate 730

 auto-rollover 90

!

crypto pki trustpoint ROOTCA

 revocation-check crl

 rsakeypair ROOTCA

 regenerate

 hash sha256

 

CA Certificate

  Status: Available

  Version: 3

  Certificate Serial Number (hex): 02

  Certificate Usage: Signature

  Issuer:

    cn=RootCA

    ou=pki

    o=hash

  Subject:

    cn=RootCA

    ou=pki

    o=hash

  Validity Date:

    start date: 10:54:39 UTC Aug 6 2020

    end   date: 10:54:39 UTC Aug 6 2022

  Subject Key Info:

    Public Key Algorithm: rsaEncryption

    RSA Public Key: (4096 bit)

  Signature Algorithm: SHA512 with RSA Encryption

  Fingerprint MD5: ***some hash***

  Fingerprint SHA1: *** some hash***

0 Helpful
0 REPLIES 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents