08-10-2022 12:59 AM
It has been flagged that our routers are currently using sha1.
We needed an extra certificate server anyway, so I created one with a certificate using a key modulus of 2048.
Cisco said this would automatically use a hash of sha256.
My first question is: does anyone know the command that will show the hash value of the new certificate?
Secondly, I have noticed that 'hash' is an option on both ca-server and ca-trustpoint, and I am wondering if the new ca-server and then the remote ca-trustpoints need to have hash sha256 set in them.
- Labels: VPN
Accepted Solutions
08-10-2022 01:06 AM
@Richard Tapp from the CLI, run "show crypto pki certificate verbose"; this will tell you the signature algorithm. Yes, the CA needs to be configured for SHA256.
08-10-2022 01:31 AM
Thanks Rob, spot on. I have included 'hash sha256' in both the ca-server and ca-trustpoint and the certificates are now being installed correctly.
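
For checking more than a handful of routers, the signature algorithm can be pulled out of saved "show crypto pki certificate verbose" output with a short script. This is an added example, not part of the thread: the sample output is constructed and trimmed, and the field labels are assumed to follow the usual layout of that command, so adjust the patterns if your release prints them differently.

```python
import re

WEAK_HASHES = {"MD5", "SHA1"}  # signature hashes to flag

# Constructed, trimmed sample in the layout of "show crypto pki certificate
# verbose"; serials and trustpoint names are made up for illustration.
SAMPLE_OUTPUT = """\
Certificate
  Certificate Serial Number (hex): 02
  Subject Key Info:
    RSA Public Key: (2048 bit)
  Signature Algorithm: SHA1 with RSA Encryption
  Associated Trustpoints: TP-OLD

CA Certificate
  Certificate Serial Number (hex): 01
  Subject Key Info:
    RSA Public Key: (2048 bit)
  Signature Algorithm: SHA256 with RSA Encryption
  Associated Trustpoints: TP-NEW
"""

FIELDS = {
    "serial": re.compile(r"Certificate Serial Number(?: \(hex\))?:\s*(\S+)"),
    "key_bits": re.compile(r"Public Key:\s*\((\d+) bit\)"),
    "sig_alg": re.compile(r"Signature Algorithm:\s*(.+)"),
    "trustpoint": re.compile(r"Associated Trustpoints:\s*(.+)"),
}

def audit_certificates(text):
    """Return one dict per certificate block; 'weak' is True, False, or None if unknown."""
    results = []
    # A new block starts at an unindented line such as "Certificate" or "CA Certificate".
    for block in re.split(r"\n(?=\S)", text.strip()):
        entry = {"type": block.splitlines()[0].strip()}
        for name, pattern in FIELDS.items():
            match = pattern.search(block)
            entry[name] = match.group(1).strip() if match else None
        # The hash is the first token, e.g. "SHA1" in "SHA1 with RSA Encryption".
        digest = (entry["sig_alg"] or "").split(" ")[0].upper().replace("-", "")
        entry["weak"] = digest in WEAK_HASHES if digest else None
        results.append(entry)
    return results

if __name__ == "__main__":
    for cert in audit_certificates(SAMPLE_OUTPUT):
        print(cert["type"], cert["trustpoint"], cert["sig_alg"], "WEAK" if cert["weak"] else "")
```

A `weak` value of `None` means no signature algorithm line was found in that block, which should be checked by hand rather than treated as a pass.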
