Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACE20 and hashing algorithm

I have a secure website behind an Cisco ACE20 using A2(3.2). Everything is working great. Only that now I need to renew my certificate. When creating the CSR and sending it to my CA I get this warning:

"Alert: Your CSR has been signed using the MD5 hashing algorithm. While the MD5 hashing algorithm is not optimal it will not prevent you from using this CSR to enroll for your SSL certificate. VeriSign best practices recommend that you use a different hashing algorithm for the signature. CSR Information"

Anybody know if it is possible to use SHA instead of MD5 or what can I do in this case?

1 ACCEPTED SOLUTION

Accepted Solutions

ACE20 and hashing algorithm

I dont think you can chnage the signing method for CSRs on the ACE directly. But i would use something like OpenSSL to generate the CSR for SHA.

http://gnuwin32.sourceforge.net/packages/openssl.htm

openssl req -out c:\CSR.csr -new -newkey rsa:2048 -nodes -keyout c:\privateKey.key -sha1

The above will load a wizard format questionare for your CSR parameters similar to the ACE.

You can then upload your key, and cert when you get it to the ACE afterwards.

==========================
http://www.rConfig.com 

A free, open source network device configuration management tool, customizable to your needs!

- Always vote on an answer if you found it helpful

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
2 REPLIES

ACE20 and hashing algorithm

I dont think you can chnage the signing method for CSRs on the ACE directly. But i would use something like OpenSSL to generate the CSR for SHA.

http://gnuwin32.sourceforge.net/packages/openssl.htm

openssl req -out c:\CSR.csr -new -newkey rsa:2048 -nodes -keyout c:\privateKey.key -sha1

The above will load a wizard format questionare for your CSR parameters similar to the ACE.

You can then upload your key, and cert when you get it to the ACE afterwards.

==========================
http://www.rConfig.com 

A free, open source network device configuration management tool, customizable to your needs!

- Always vote on an answer if you found it helpful

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
New Member

ACE20 and hashing algorithm

Thanks Stephen. I created the CSR on a Linux box using OpenSSL as you say and it worked great.

704
Views
0
Helpful
2
Replies
CreatePlease to create content