Cisco Community
English
Register
New community login process starting July 13 - LEARN MORE HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

952
Views
0
Helpful
0
Replies
euanellis
Beginner
Beginner
‎08-06-2020 04:21 AM
‎08-06-2020 04:21 AM

Cisco IOS root ca fingerprint

Hi everyone,

We are deploying a IOS Cisco root CA and the root ca certificate is persistently being generated with an MD5 and SHA1 fingerprint. We have been able to configure the PKI sign identity certificates with SHA256 etc but failed with the root ca. 

 

How do you change the fingerprint on the Root CA to be more secure; ie. SHA256 or SHA512? 

 

Redacted config extract shown below:

 

crypto pki server ROOTCA

 database level complete

 database archive pkcs12 password

 issuer-name CN=RootCA,ou=pki, o=hash

 grant auto trustpoint ROOTCA

 hash sha512

 lifetime certificate 180

 lifetime ca-certificate 730

 auto-rollover 90

!

crypto pki trustpoint ROOTCA

 revocation-check crl

 rsakeypair ROOTCA

 regenerate

 hash sha256

 

CA Certificate

  Status: Available

  Version: 3

  Certificate Serial Number (hex): 02

  Certificate Usage: Signature

  Issuer:

    cn=RootCA

    ou=pki

    o=hash

  Subject:

    cn=RootCA

    ou=pki

    o=hash

  Validity Date:

    start date: 10:54:39 UTC Aug 6 2020

    end   date: 10:54:39 UTC Aug 6 2022

  Subject Key Info:

    Public Key Algorithm: rsaEncryption

    RSA Public Key: (4096 bit)

  Signature Algorithm: SHA512 with RSA Encryption

  Fingerprint MD5: ***some hash***

  Fingerprint SHA1: *** some hash***

0 Helpful
0 REPLIES 0
Latest Contents
Increasing importance Of Cisco Firewalls For Network Web Sec...
Created by ErnestoJuarez on 07-27-2021 12:09 AM
0
0
0
0
Firewalling will be a critical step for organizations to better align security with changing business and networking needs. Cisco has been hard at work building an integrated security platform with our firewall at the foundation to enable businesses to ma... view more
#CiscoChat - Discover the value of SecureX with the Forreste...
Created by greghami on 07-26-2021 11:30 AM
0
0
0
0
Discover the value of SecureX A new Forrester Total Economic Impact™ study commissioned by Cisco reveals that a composite organization using Cisco SecureX can see up to 90% reduction in analyst effort per incident by adopting an integrated approach t... view more
Secure Endpoint Best Practices Guide
Created by Troja007 on 07-26-2021 01:40 AM
0
5
0
5
Dear Cisco Community,we recently published the new Secure Endpoint Best Practices Guide on cisco.com. It includes a wide range of useful information how a Cisco Secure Endpoint installation should be planned, deployed and maintained. The guide is useful ... view more
#CiscoChat Live - Cisco Secure Email + SecureX: Extending em...
Created by greghami on 07-22-2021 09:45 AM
3
0
3
0
Join us for a detailed discussion of the integrations between Cisco Secure Email and SecureX. We’ll share the various ways that SecureX provides greater visibility across the Cisco Security landscape and demonstrate how Secure Email is the ... view more
Mobile number field placeholder customization
Created by sivsivar on 07-19-2021 06:57 AM
0
0
0
0
    ISE 2.7 FCS   To display default country code and Place holder customization please follow the below steps.   Upload the attached js file in Custom Portal Files. Go to portal and add the below script in the Registration Form pag... view more
Content for Community-Ad