03-12-2013 03:52 AM - edited 03-11-2019 06:13 PM
Hi everyone,
I would like to ask whether SHA1 signature algorithm is available for FWSM. We use FWSM code version 3.2(22) in our production network where only MD5 signature algorithm is available. There is a need to upgrade to stronger algorithm SHA1. From my experience I know that this is possible on ASA firewalls running on 8.4. codes. Certificates generated on code 8.4. automatically use SHA1 with RSA Encryption.
Is it possible to have Signature algorithm SHA1 on FWSM? If so, in which code version?
Thank you very much in advance.
ASA 5550 sample output:
hba-pf-a# sh crypto ca cert
Certificate
Status: Available
Certificate Serial Number: caf44050
Certificate Usage: General Purpose
Public Key Type: RSA (2048 bits)
Signature Algorithm: SHA1 with RSA Encryption
Issuer Name:
hostname=hba-pf-a.domain.com
Subject Name:
hostname=hba-pf-a.domain.com
Validity Date:
start date: 19:46:58 cest Oct 24 2012
end date: 19:46:58 cest Oct 22 2022
Associated Trustpoints: BSO_SELF_SIGNED
hba-pf-a# sh ver
Cisco Adaptive Security Appliance Software Version 8.4(4)5
System image file is "disk0:/asa844-5-k8.bin"
Config file at boot was "startup-config"
hba-pf-a up 138 days 17 hours
Hardware: ASA5550, 4096 MB RAM, CPU Pentium 4 3000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
.
.
....
03-12-2013 05:30 AM
Hello Michal,
i have tried in the LAB with version 4.0.1, and i got it as MD5 signature. i checked all official FWSM documents and i dont see this mentioned anywhere, so i guess its not supported on FWSM.
Regards,
Othman
03-12-2013 05:44 AM
Thank you very much Othman for quick reply and your support on this matter.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide