Read full details here: Generating self-signed x509 certificate with 2048-bit key and sign with sha256 hash using OpenSSL
With Google, Microsoft and every major technological giants sunsetting sha-1 due to it’s vulnerability, sha256 is the new standard. It seems to be an issue almost all Infrastructure Administrators are facing right now. Those who are using managed PKI console, it’s very easy and straight forward and the signing authority such a Symantec/Verisign or GoDaddy will take care of the signature hash. Users just select if they want to use sha1, sha256 and so on. But for those who have a test infrastructure where you are using self signed SSL/TLS certificate, they need to generate and or replace all their existing certificates with self-signed x509 certificate with 2048-bit key and sign with sha256 hash using OpenSSL. Generating a 2048-bit public key x509 certificate with sha256 digest algorithm is not very tough. But OpenSSL help menu can be confusing. This post would help anyone who had to walk that path of upgrading sha1 or issuing a new self-signed x509 certificate with 2048-bit key and sign with sha256 hash.
Read the rest of it here: Generating self-signed x509 certificate with 2048-bit key and sign with sha256 hash using OpenSSL
With Google, Microsoft and every major technological giants sunsetting sha-1 due to it’s vulnerability, sha256 is the new standard. It seems to be an issue almost all Infrastructure Administrators are facing right now. Those who are using managed PKI console, it’s very easy and straight forward and the signing authority such a Symantec/Verisign or GoDaddy will take care of the signature hash. Users just select if they want to use sha1, sha256 and so on. But for those who have a test infrastructure where you are using self signed SSL/TLS certificate, they need to generate and or replace all their existing certificates with self-signed x509 certificate with 2048-bit key and sign with sha256 hash using OpenSSL. Generating a 2048-bit public key x509 certificate with sha256 digest algorithm is not very tough. But OpenSSL help menu can be confusing. This post would help anyone who had to walk that path of upgrading sha1 or issuing a new self-signed x509 certificate with 2048-bit key and sign with sha256 hash.
Read the rest of it here: Generating self-signed x509 certificate with 2048-bit key and sign with sha256 hash using OpenSSL
No comments:
Post a Comment