Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
548
Views
0
Helpful
1
Replies

Cisco router sending CSR with hash as MD5

SohailGalaria
Level 1
Level 1

‎09-19-2022 06:06 AM

Hey Team,

While trying to follow the steps for manual enrollment on a Cisco router, it keeps failing since the CSR sent to the CA uses a hashing algorithm as MD5. I have tried to create new RSA keypair of keysize 2048 and specific label and use them in my trustpoint, but looks like the router is using some default configuration that I'm unable to over-ride.

Really appreciate any help.

 

Command used:

  1. enable
  2. config terminal
  3. cypto key generate rsa modulus 2048 label test-enroll
  4. crypto pki trustpoint test-enroll
  5. rsakeypair test-enroll
  6. enrollment url http://abc.domain.net
  7. subject-name CN=test
  8. hash sha256
  9. exit
  10. crypto pki authenticate test-enroll
  11. crypto pki enroll test-enroll
0 Helpful
1 Reply 1

thomas-schmid
Level 1
Level 1

‎04-01-2025 03:10 AM

I am having the same issue, with a twist: On my Cisco C3560-CX 12PD-CS, latest IOS 15.2.7, with a very similar configuration

a) If I send the enrollment request using "terminal", the signature algorithm used is sha256, as specified by the "hash sha256" configuration command

b) If I send the enrollment via URL TFTP, the signature algorithm is *always* MD5, i.e. "md5WithRSAEncryption", something which my CA (resp. openssl) refuses to accept.

So, I am very interested if you have received any answer from other people, or Cisco ? Or could you find a fix for that ?

PS: We don't have any support for these C3560 anymore, and because they are very much EOL, Cisco (on another occasion) was very coy of providing TAC support.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card