Cisco router certificate with weak hash algorithm

Richard Tapp
Level 1

It has been flagged that our routers are currently using sha1.

We needed an extra certificate server anyway so I created one with a certificate using key modulus of 2048.

Cisco said this would automatically use a hash of sha256.

My first question is - does anyone know the command that will show the hash value of the new certificate?

Secondly I have noticed that 'hash' is an option on both ca-server and ca-trustpoint and I am wondering if the new ca-server and then the remote ca-trustpoints need to have hash sha256 set in them.


Accepted Solutions

@Richard Tapp, from the CLI run "show crypto pki certificate verbose"; this will tell you the Signature algorithm. Yes, the CA needs to be configured for SHA256.


Thanks Rob, spot on. I have included 'hash sha256' in both the ca-server and ca-trustpoint and the certificates are now being installed correctly.
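
As an added example (not part of the original thread): a small Python audit that parses saved output of the `show crypto pki certificate verbose` command from the accepted solution and reports each certificate's signature algorithm alongside its RSA key size, flagging MD5 and SHA1 signatures. The sample output is constructed, its field layout is an assumption about the command's format, and the trustpoint names OLD-CA and NEW-CA are hypothetical.

```python
import re

# Constructed sample; the field layout is an assumption about the format of
# "show crypto pki certificate verbose", and the trustpoint names are hypothetical.
SAMPLE = """\
Certificate
  Certificate Serial Number (hex): 02
  Subject Key Info:
    RSA Public Key: (2048 bit)
  Signature Algorithm: SHA1 with RSA Encryption
  Associated Trustpoints: OLD-CA

CA Certificate
  Certificate Serial Number (hex): 01
  Subject Key Info:
    RSA Public Key: (2048 bit)
  Signature Algorithm: SHA256 with RSA Encryption
  Associated Trustpoints: NEW-CA
"""

WEAK_HASHES = {"MD5", "SHA1"}  # digests this audit treats as weak

def parse_certificates(text):
    """Split the output into one dict of 'Field: value' pairs per certificate block."""
    certs, current = [], None
    for line in text.splitlines():
        if line and not line[0].isspace():       # an unindented line starts a new block
            current = {"type": line.strip()}
            certs.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            if value.strip():                    # skip section headers such as "Subject Key Info:"
                current[key.strip()] = value.strip()
    return certs

def audit(text):
    """Return (type, trustpoint, signature algorithm, RSA key bits, is_weak) per certificate."""
    rows = []
    for cert in parse_certificates(text):
        sig = cert.get("Signature Algorithm", "unknown")
        digest = sig.split()[0].upper().replace("-", "")   # first token names the digest
        bits = re.search(r"\((\d+) bit\)", cert.get("RSA Public Key", ""))
        rows.append((cert["type"], cert.get("Associated Trustpoints", "?"), sig,
                     int(bits.group(1)) if bits else None, digest in WEAK_HASHES))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Key size and signature hash are reported as separate columns, so a certificate with a 2048-bit key that was still signed with SHA1 is flagged.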