It has been flagged that our routers are currently using sha1.
We needed an extra certificate server anyway, so I created one with a certificate using a key modulus of 2048.
Cisco said this would automatically use a hash of sha256.
My first question is - does anyone know the command that will show the hash value of the new certificate?
Secondly I have noticed that 'hash' is an option on both ca-server and ca-trustpoint and I am wondering if the new ca-server and then the remote ca-trustpoints need to have hash sha256 set in them.
@Richard Tapp, from the CLI run "show crypto pki certificate verbose"; this will tell you the Signature algorithm. Yes, the CA needs to be configured for SHA256.
Thanks Rob, spot on. I have included 'hash sha256' in both the ca-server and ca-trustpoint and the certificates are now being installed correctly.
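For auditing more than one router, the check from the accepted answer can be scripted. The following is an added example, not code from any poster in this thread: it parses saved output of "show crypto pki certificate verbose" and reports each certificate's key size and signature algorithm, flagging MD5 and SHA1 signatures. The sample text, the names in it and the exact field layout are constructed assumptions.

```python
import re

# Constructed sample modelled on "show crypto pki certificate verbose" output;
# names, serials and the exact field layout are assumptions, not a device capture.
SAMPLE = """\
Certificate
  Certificate Serial Number (hex): 02
  Subject:
    Name: r1.example.test
  Subject Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (2048 bit)
  Signature Algorithm: SHA1 with RSA Encryption

CA Certificate
  Certificate Serial Number (hex): 01
  Subject:
    cn=EXAMPLE-CA
  Subject Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (2048 bit)
  Signature Algorithm: SHA256 with RSA Encryption
"""

WEAK = ("md5", "sha1")  # signature hashes to flag

def audit(output):
    """Return one dict per certificate block: kind, serial, sig_alg, key_bits, weak."""
    certs, cur = [], None
    for line in output.splitlines():
        if line and not line[0].isspace():  # an unindented line starts a new block
            cur = {"kind": line.strip(), "serial": None, "sig_alg": None,
                   "key_bits": None, "weak": False}
            certs.append(cur)
            continue
        if cur is None:
            continue
        text = line.strip()
        if m := re.match(r"Certificate Serial Number(?: \(hex\))?:\s*(\S+)", text):
            cur["serial"] = m.group(1)
        elif m := re.match(r"Signature Algorithm:\s*(.+)", text):
            cur["sig_alg"] = m.group(1)
            cur["weak"] = m.group(1).lower().startswith(WEAK)
        elif m := re.search(r"Public Key:\s*\((\d+) bit\)", text):
            cur["key_bits"] = int(m.group(1))
    return certs

if __name__ == "__main__":
    for c in audit(SAMPLE):
        print(c["kind"], c["serial"], c["key_bits"], c["sig_alg"],
              "WEAK" if c["weak"] else "ok")
```

In the constructed sample the first certificate has a 2048-bit key but a SHA1 signature, so it is flagged; the key size and the signature hash are reported as separate fields.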