Is it possible to generate a self-signed SSL certificate with SHA1 under version 11.6?

Question

I have a weird issue where I need to set up a temporary certificate using the SHA1 hash. It looks like SHA2 is now used by default if the cert is generated from the GUI. I've trolled through the TMSH commands and I don't see where I can specify the signing hash using the console.&nbsp;
Is this doable? (I know SHA1 is deprecated; this isn't by my choice.)&nbsp;

ltwagnon · Answer

Here's an article that might help: https://devcentral.f5.com/articles/big-ip-ssl-cipher-history&nbsp;

rdessert_76127 · Answer

Did you figure it out?  I have an old application that requires SHA1 (not my choice as you stated) and it appears that the UI doesn't allow you to specify as you said.

boneyard · Answer

i doubt you can do it via the GUI, but this article can be used as a basis to do it via the CLI (not tmsh though)&nbsp;
http://support.f5.com/kb/en-us/solutions/public/7000/700/sol7754.html&nbsp;
i assume openssl will just default to sha-1, if not you might have to enforce that with the correct flag.&nbsp;

Forum Discussion

Is it possible to generate a self-signed SSL certificate with SHA1 under version 11.6?

3 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Automating Certificate Management on F5 BIG-IP

Web Services, SSL, and self-signed server certificates

Automating ACMEv2 Certificate Management on BIG-IP

Problem with self-signed certificate

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS