Creating sha1 certs using cfssl api
I'm working with some legacy weblogic systems that require sha1 keystores for ssl. I've begun to try using our cfssl instance and have successfully managed to generate certificates, but they all seem to default to sha2. I've not been able to find a way to override this in the api.
The json body I've passed to the api is like the below:
{
"hostname": "{{ csr_request_cn }}",
"request": {
"hosts": [
"{{ csr_request_cn }}"
],
"cn": "{{ csr_request_cn }}",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
...omitted
}
]
}
}
Looking at the code seems to suggest that at one point there was a way to generate sha1 certs by setting a smaller key size, but now cfssl only accepts key sizes of 2048 or higher which defaults to sha2. I could be misunderstanding sha1 and sha2 but I was under the impression that sha1 could still be used with higher key sizes.
ssl hash sha1 cloudflare sha2
add a comment |
I'm working with some legacy weblogic systems that require sha1 keystores for ssl. I've begun to try using our cfssl instance and have successfully managed to generate certificates, but they all seem to default to sha2. I've not been able to find a way to override this in the api.
The json body I've passed to the api is like the below:
{
"hostname": "{{ csr_request_cn }}",
"request": {
"hosts": [
"{{ csr_request_cn }}"
],
"cn": "{{ csr_request_cn }}",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
...omitted
}
]
}
}
Looking at the code seems to suggest that at one point there was a way to generate sha1 certs by setting a smaller key size, but now cfssl only accepts key sizes of 2048 or higher which defaults to sha2. I could be misunderstanding sha1 and sha2 but I was under the impression that sha1 could still be used with higher key sizes.
ssl hash sha1 cloudflare sha2
add a comment |
I'm working with some legacy weblogic systems that require sha1 keystores for ssl. I've begun to try using our cfssl instance and have successfully managed to generate certificates, but they all seem to default to sha2. I've not been able to find a way to override this in the api.
The json body I've passed to the api is like the below:
{
"hostname": "{{ csr_request_cn }}",
"request": {
"hosts": [
"{{ csr_request_cn }}"
],
"cn": "{{ csr_request_cn }}",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
...omitted
}
]
}
}
Looking at the code seems to suggest that at one point there was a way to generate sha1 certs by setting a smaller key size, but now cfssl only accepts key sizes of 2048 or higher which defaults to sha2. I could be misunderstanding sha1 and sha2 but I was under the impression that sha1 could still be used with higher key sizes.
ssl hash sha1 cloudflare sha2
I'm working with some legacy weblogic systems that require sha1 keystores for ssl. I've begun to try using our cfssl instance and have successfully managed to generate certificates, but they all seem to default to sha2. I've not been able to find a way to override this in the api.
The json body I've passed to the api is like the below:
{
"hostname": "{{ csr_request_cn }}",
"request": {
"hosts": [
"{{ csr_request_cn }}"
],
"cn": "{{ csr_request_cn }}",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
...omitted
}
]
}
}
Looking at the code seems to suggest that at one point there was a way to generate sha1 certs by setting a smaller key size, but now cfssl only accepts key sizes of 2048 or higher which defaults to sha2. I could be misunderstanding sha1 and sha2 but I was under the impression that sha1 could still be used with higher key sizes.
ssl hash sha1 cloudflare sha2
ssl hash sha1 cloudflare sha2
asked Nov 26 '18 at 10:46
sharktamersharktamer
1218
1218
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53479434%2fcreating-sha1-certs-using-cfssl-api%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53479434%2fcreating-sha1-certs-using-cfssl-api%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown