Forum Discussion

Kai_M__48813's avatar
Kai_M__48813
Icon for Cirrus rankCirrus
Feb 21, 2017

sha1 or sha256 default when creating csr

im going to use the webui to generate a san csr, but there is no indication on whether sha1 or sha256 will be used. the version im generating on is 12.1.1. is there a quick way to verify this, either in webui or through cli?

 

.csr
application delivery
BIG-IP Access Policy Manager (APM)
bigip 12.1.1
security
  • Nicholas_P__308's avatar
    Nicholas_P__308
    Feb 21, 2017

    SHA-256 should be selected in the later versions such as yours. This will be represented by 2048 bits in the key section (near bottom when generating CSR.) After that your PKI authority should handle the rest.

     

  • Nicholas_P__308's avatar
    Nicholas_P__308
    Icon for Cirrus rankCirrus
    Feb 21, 2017

    SHA-256 should be selected in the later versions such as yours. This will be represented by 2048 bits in the key section (near bottom when generating CSR.) After that your PKI authority should handle the rest.

     

    • Kai_M__48813's avatar
      Kai_M__48813
      Icon for Cirrus rankCirrus
      Feb 22, 2017

      thanks!

       

      i was also able to veriy this by running openssl req -noout - text in /config/test.csr | grep -i signature

       

    • Nicholas_P__308's avatar
      Nicholas_P__308
      Icon for Cirrus rankCirrus
      Feb 23, 2017

      Kai, thank you the the string to confirm! Always best to verify as much as possible!