The officially recommended method of generating a web server SSL certificate CSR (according to RHEL6 and CentOS 6 documentation) is to use the genkey utility. When used according to the docs, this produces a CSR with an SHA1 signature. Our CA has requested a CSR with an SHA256 signature (because we want an SHA256 SSL cert as per the new chrome/ie browser requirements). I've not been able to find any docs on how to do this using genkey. I tried the –sha256 command line flag but it's not recognized by genkey. Can anyone describe how to do this?
Centos – Generating an SHA256 SSL CSR on CentOS/RHEL using genkey
centoshashrhel6
Related Topic
- Centos – Apache not generating access log. CentOS
- Linux – how to change screen resolution in rhel/centos 6
- Centos – the relation between NetworkManager and network service in Fedora/RHEL/Centos
- Linux – Persist IP address alias across reboots in CentOS/RHEL 6 using “ip” command
- Centos genkey command not found
- Linux – MySQL and SSL with -sha256
Best Answer
The interactive genkey command wont give you the option to change the defaults, but you should be able to update your /etc/pki/tls/openssl.cnf if you really want to use that command.
Change:
To:
Or you can use the openssl command direct. If the hashing algorithm is set to SHA1 by default, you can use the switch -sha256 to force SHA2.