Starting in SGOS 18.104.22.168, you can specify the signing hash when you create the individual Certificate Signing Request (CSR). The following information is for SGOS versions 22.214.171.124 through 126.96.36.199.
By default, CSRs on the ProxySG appliance are generated for use with the SHA-1 cryptographic hash function. Using the SHA-1 hash function is not an issue if you are requesting a certificate from the Certificate Authority (CA) because the CA applies the required hash function (SHA256) to the certificate when signing the CSR.
A hidden command exists that allows you to configure the appliance to use the SHA-2 hash function when creating a CSR.
To change the default SHA-1 hash function to SHA-2, log in to the CLI and type the following commands:
>en
#config t
#(config)security default-signing-hash (sha1|sha256|sha512)
This command was added in 188.8.131.52 and removed in 184.108.40.206. Starting with that version, you can specify the signing hash in the CSR or certificate directly, so it is no longer a global setting and can be set on a per-case basis.
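To confirm which hash a generated CSR was actually signed with after changing the setting, you can read the signatureAlgorithm field of the PKCS #10 request. The following is an added example, not part of the original article or of SGOS; the function names are hypothetical, and the sample requests are constructed placeholders (CSR-shaped DER with zeroed contents), not real signed CSRs.

```python
import base64

# PKCS #1 signature OIDs for the three hashes the command accepts.
SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
}

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content bytes -> dotted string (first arc 0 or 1 only)
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def csr_signature_algorithm(csr):
    """Take PEM text or DER bytes; return the CSR's signature algorithm."""
    if isinstance(csr, str):  # PEM: drop the BEGIN/END lines, then base64-decode
        csr = base64.b64decode("".join(l for l in csr.splitlines() if "-----" not in l))
    tag, outer, _ = read_tlv(csr, 0)          # CertificationRequest
    _, _, pos = read_tlv(outer, 0)            # skip CertificationRequestInfo
    alg_tag, alg, _ = read_tlv(outer, pos)    # signatureAlgorithm
    oid_tag, oid, _ = read_tlv(alg, 0)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not a PKCS #10 CertificationRequest")
    dotted = decode_oid(oid)
    return SIG_OIDS.get(dotted, dotted)       # unknown algorithms come back as the OID

def der(tag, body):  # minimal encoder, used only to build the constructed sample
    n, nb = len(body), (len(body).bit_length() + 7) // 8
    size = bytes([n]) if n < 0x80 else bytes([0x80 | nb]) + n.to_bytes(nb, "big")
    return bytes([tag]) + size + body

def sample_csr(oid_hex):
    """Constructed CSR-shaped DER with placeholder info and signature bytes."""
    alg = der(0x30, der(0x06, bytes.fromhex(oid_hex)) + der(0x05, b""))
    return der(0x30, der(0x30, bytes(200)) + alg + der(0x03, bytes(257)))
```

For a CSR exported from the appliance, pass the PEM text to `csr_signature_algorithm`; a result of `sha1WithRSAEncryption` means the default is still in effect.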
Imported Document ID: 000022556