Forum Discussion
NimbostratusManagement / KeyCertificate -How to get Certificate Signature Algorithm
Hi ,
Currently in our organization we are doing SHA1 migration. I have been trying to get Certificate Signature Algorithm(PKCS 1 SHA-1 With RSA Encryption) from the Management::KeyCertificate get_certificate_list method;apparently it provides only Subject Public Key Algorithm(PKCS 1 RSA Encryption).
Is there any way i can get Certificate Signature Algorithm as well??
Many thanks in advance!
Regards- Prabir
2 Replies
JGCumulonimbus
The following bash script will show which SSL certificate in the /Common partition contains a sha1 Signature Algorithm:
for i in /config/filestore/files_d/Common_d/certificate_d/*; do echo "$i:"; openssl x509 -text -noout -in $i |grep 'Signature Algorithm' | grep sha1 done.
- JG
Well, you can do this with iControlREST.
Create a bash script named, say, "check_insecure_sig_algo.sh", with the following code:
!/bin/sh for i in /config/filestore/files_d/Common_d/certificate_d/*; do if openssl x509 -text -noout -in $i | /bin/grep 'Signature Algorithm: sha1' 2>&1 > /dev/null then echo $i fi doneand then run the following remotely:
!/bin/sh OUTPUT="$(curl -k -s -u admin:admin -H "Content-Type: application/json" -X POST https://mgmt_IP_address/mgmt/tm/util/bash -d "{\"command\":\"run\",\"utilCmdArgs\":\"-c '/path/to/check_insecure_sig_algo.sh'\"}" | jq '.commandResult')" insecure_certs="${OUTPUT%\"}" insecure_certs="${insecure_certs\"}" echo "$insecure_certs"to get a list of the certs with sha1 signature algorithm. You need to download and install jq, though.
