Solved: Cisco UCS 5108 Chassis with FI6324 - CIMC SSL CSR

Keef · ‎08-01-2018

Good afternoon!

I am working to secure my 5108 blade chassis CIMC access with CA signed SSL certificates but I'm hitting a snag. The CSRs generated by the UCSM GUI use the legacy SHA1 hashing algorithm and I can't see any way to change to SHA256/512.

It looks like the "Key Rings" in the UCSM GUI only allow for key-length customization but do not allow for hashing algorithm customization.

Is it possible to generate CSRs with SHA256 on the UCSM?

Thanks!

Kirk J · ‎08-01-2018

Greetings

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz64587/?reffering_site=dumpcr

I just checked a test CSR on 3.23c, and it had a sha256 hashing algorithm.

Looks like 3.2(3a) or higher changed the default to sha256.

Thanks,

Kirk...

View solution in original post

Kirk J · ‎08-01-2018

Greetings

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz64587/?reffering_site=dumpcr

I just checked a test CSR on 3.23c, and it had a sha256 hashing algorithm.

Looks like 3.2(3a) or higher changed the default to sha256.

Thanks,

Kirk...

Keef · ‎08-09-2018

Thanks, Kirk!

I upgraded to 3.23c and the CSRs are now generated with a SHA256 hash.

Interesting that this is not configurable but I'm all set now!