08-10-2022 12:59 AM
It has been flagged that our routers are currently using sha1.
We needed an extra certificate server anyway so I created one with a certificate using key modulus of 2048.
Cisco said this would automatically use a hash of sha256.
My first question is - does anyone know the command that will show the hash value of the new certificate?
Secondly I have noticed that 'hash' is an option on both ca-server and ca-trustpoint and I am wondering if the new ca-server and then the remote ca-trustpoints need to have hash sha256 set in them.
08-10-2022 01:06 AM
@Richard Tapp from the CLI run "show crypto pki certificate verbose" this will tell you the Signature algorithm. Yes the CA needs to be configured for SHA256.
08-10-2022 01:31 AM
Thanks Rob, spot on. I have included 'hash sha256' in both the ca-server and ca-trustpoint and the certificates are now being installed correctly.
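To apply the verification step from this thread across several routers, here is an added example (not part of any post above and not Cisco's code): a Python check that reads saved output of `show crypto pki certificate verbose` and flags every certificate still signed with SHA1 or MD5. The sample text is constructed and abridged, and its layout and the function name `audit` are assumptions.

```python
import re

# Constructed, abridged sample; the layout is an assumption modelled on
# "show crypto pki certificate verbose" output saved from a router.
SAMPLE = """\
Router#show crypto pki certificate verbose
Certificate
  Status: Available
  Certificate Serial Number (hex): 03
  Certificate Usage: General Purpose
  Signature Algorithm: SHA256 with RSA Encryption
CA Certificate
  Status: Available
  Certificate Serial Number (hex): 01
  Certificate Usage: Signature
  Signature Algorithm: SHA1 with RSA Encryption
"""

WEAK_HASHES = {"MD5", "SHA1"}
SERIAL = re.compile(r"Certificate Serial Number(?: \(hex\))?:\s*(\S+)")
SIGALG = re.compile(r"Signature Algorithm:\s*(\S+)\s+with\s+(\S+)", re.I)

def audit(text):
    """Return one dict per certificate block with its hash and a status."""
    certs, current = [], None
    for line in text.splitlines():
        # Block headers are unindented and end in "Certificate"
        # ("Certificate", "CA Certificate"); prompts and banners are skipped.
        if line and not line[0].isspace():
            current = None
            if line.rstrip().endswith("Certificate"):
                current = {"type": line.strip(), "serial": None, "hash": None}
                certs.append(current)
            continue
        if current is None:
            continue
        if (m := SERIAL.search(line)):
            current["serial"] = m.group(1)
        if (m := SIGALG.search(line)):
            current["hash"] = m.group(1).upper().replace("-", "")
    for cert in certs:
        # Fail closed: a block without a Signature Algorithm line is reported too.
        if cert["hash"] is None:
            cert["status"] = "unknown"
        else:
            cert["status"] = "weak" if cert["hash"] in WEAK_HASHES else "ok"
    return certs

if __name__ == "__main__":
    for cert in audit(SAMPLE):
        print(f'{cert["type"]:16} serial={cert["serial"]} hash={cert["hash"]} {cert["status"]}')
```

A CA certificate reported as weak means the certificate server itself was enrolled before the hash was changed, so it is the CA, not only the trustpoints, that needs attention.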