Cisco router certificate with weak hash algorithm

Richard Tapp
Beginner

It has been flagged that our routers are currently using sha1.

We needed an extra certificate server anyway, so I created one with a certificate using a key modulus of 2048.

Cisco said this would automatically use a hash of sha256.

My first question is: does anyone know the command that will show the hash value of the new certificate?

Secondly, I have noticed that 'hash' is an option on both ca-server and ca-trustpoint, and I am wondering if the new ca-server and then the remote ca-trustpoints need to have hash sha256 set in them.

Accepted Solutions

Rob Ingram
VIP Expert

@Richard Tapp, from the CLI run "show crypto pki certificate verbose"; this will tell you the Signature algorithm. Yes, the CA needs to be configured for SHA256.

Thanks Rob, spot on. I have included 'hash sha256' in both the ca-server and ca-trustpoint and the certificates are now being installed correctly.
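An added example, not part of the original thread: a small Python audit of saved "show crypto pki certificate verbose" output that reports each certificate's signing hash and RSA key size separately. The sample output is constructed, its field labels are an assumption modelled on IOS output, and names such as LAB-CA2, OLD-TP and NEW-TP are hypothetical.

```python
import re

# Constructed sample laid out like "show crypto pki certificate verbose" output;
# field labels are assumed from IOS output, all names and values are made up.
SAMPLE = """\
Certificate
  Subject:
    hostname=rtr1.example.test
  Subject Key Info:
    RSA Public Key: (2048 bit)
  Signature Algorithm: SHA1 with RSA Encryption
  Fingerprint SHA1: 00112233 44556677 8899AABB CCDDEEFF 00112233
  Associated Trustpoints: OLD-TP

CA Certificate
  Subject:
    cn=LAB-CA2
  Subject Key Info:
    RSA Public Key: (2048 bit)
  Signature Algorithm: SHA256 with RSA Encryption
  Fingerprint SHA1: FFEEDDCC BBAA9988 77665544 33221100 FFEEDDCC
  Associated Trustpoints: NEW-TP
"""

WEAK = {"MD5", "SHA1"}  # hashes treated as weak for certificate signatures

def audit(output):
    """Return one dict per certificate block: type, signing hash, key size, weak flag."""
    certs = []
    for line in output.splitlines():
        text = line.strip()
        if text and not line[0].isspace():  # an unindented line opens a new block
            certs.append({"type": text, "sig_hash": None, "key_bits": None})
        elif certs:
            # Match on the field name, so "Fingerprint SHA1:" (a digest used to
            # identify the certificate, not the signing hash) is never flagged.
            if m := re.match(r"Signature Algorithm:\s*(\w+)", text):
                certs[-1]["sig_hash"] = m.group(1).upper()
            elif m := re.match(r"RSA Public Key:\s*\((\d+) bit\)", text):
                certs[-1]["key_bits"] = int(m.group(1))
    for c in certs:
        c["weak"] = c["sig_hash"] in WEAK
    return certs

if __name__ == "__main__":
    for c in audit(SAMPLE):
        print(c)
```

In the constructed sample both certificates carry a 2048-bit key, and only the one signed with SHA1 is flagged.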