For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kai_M__48813's avatar
Kai_M__48813
Icon for Cirrus rankCirrus
Feb 21, 2017
Solved

sha1 or sha256 default when creating csr

im going to use the webui to generate a san csr, but there is no indication on whether sha1 or sha256 will be used. the version im generating on is 12.1.1. is there a quick way to verify this, either...
.csr
application delivery
BIG-IP Access Policy Manager (APM)
bigip 12.1.1
security
  • Nicholas_P__308's avatar
    Nicholas_P__308
    Feb 21, 2017

    SHA-256 should be selected in the later versions such as yours. This will be represented by 2048 bits in the key section (near bottom when generating CSR.) After that your PKI authority should handle the rest.

     

Nicholas_P__308's avatar
Nicholas_P__308
Icon for Cirrus rankCirrus
Feb 21, 2017

SHA-256 should be selected in the later versions such as yours. This will be represented by 2048 bits in the key section (near bottom when generating CSR.) After that your PKI authority should handle the rest.

 

Kai_M__48813's avatar
Kai_M__48813
Icon for Cirrus rankCirrus
Feb 22, 2017

thanks!

 

i was also able to veriy this by running openssl req -noout - text in /config/test.csr | grep -i signature