SHA256 is for certificates enrolled by the clients, NOT for the fingerprint.

2011/1/5 Bruno <[email protected]>

> In fact that's a good question.
>
> Take a look:
>
> I configured R1 to be the CA server with SHA256
>
> crypto pki server CA
>  grant auto
>  hash sha256
>  lifetime certificate 1
>  database url flash:
>
> Even though I specified it as sha256, when I do "show crypto pki
> certificates" I get both outputs but nothing about sha256 on the fingerprint
>
> Signature Algorithm: SHA256 with RSA Encryption
>   Fingerprint MD5: 8C5334D3 44F444F9 ECE0B9A0 DCA22F16
>   Fingerprint SHA1: 953AA86A 17624DF8 0B67C560 6DFDB426 DF9D3DC7
>
> I found this article:
> http://www.mail-archive.com/[email protected]/msg06368.html
>
> It seems you'll always have both whenever you configure other types of
> hashing algorithms
>
> Hope it helps
>
> On Wed, Jan 5, 2011 at 8:20 AM, kamran shakil <[email protected]> wrote:
>
>> Dears,
>> I saw it many times while doing labs: whenever I enroll and authenticate
>> the cert from the CA, I get 2 messages.
>>
>> fingerprint MD5
>>
>> fingerprint SHA
>>
>> Why are TWO / BOTH of them generated with keys?
>>
>> I don't think I mentioned it in the CA config?
>>
>>
>> I didn't see any comment or clue on it in any of the workbooks I have nor on
>> any forums. Well, please let us all know if someone has a clue on it.
>> Waiting
>>
>> regards,
>> Kamran ~
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>>
>
>
> --
> Bruno Fagioli (by Jaunty Jackalope)
> Cisco Security Professional
>
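Added example, not part of the original thread and not Cisco code: the point made above, that "hash sha256" changes the certificate's signature algorithm while the MD5 and SHA1 fingerprints are separate digests of the encoded certificate, plus the out-of-band fingerprint comparison an operator does when authenticating the CA. It assumes the IOS fingerprint is the usual digest over the DER-encoded certificate (as printed by "openssl x509 -fingerprint"); the sample input is a constructed DER skeleton, not a real certificate, and all function names are hypothetical.

```python
import hashlib, hmac, re

SIG_OIDS = {"1.2.840.113549.1.1.5": "SHA1 with RSA Encryption",
            "1.2.840.113549.1.1.11": "SHA256 with RSA Encryption"}

def tlv(tag, body):
    """DER-encode one element (sample is small, so short-form length only)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (value, next_pos) of the DER element starting at pos."""
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:                      # long-form length, as real certs use
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return buf[pos:pos + n], pos + n

def oid_str(b):
    """Decode DER OID content bytes into dotted notation."""
    arcs, v = [b[0] // 40, b[0] % 40], 0
    for byte in b[1:]:
        v = (v << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Read Certificate.signatureAlgorithm: the field 'hash sha256' changes."""
    cert, _ = read_tlv(der, 0)
    _, p = read_tlv(cert, 0)          # skip tbsCertificate
    alg, _ = read_tlv(cert, p)
    oid = oid_str(read_tlv(alg, 0)[0])
    return SIG_OIDS.get(oid, oid)

def ios_fingerprint(der, algo):
    """Digest of the whole DER blob, grouped in 8 hex digits like IOS prints."""
    h = hashlib.new(algo, der).hexdigest().upper()
    return " ".join(h[i:i + 8] for i in range(0, len(h), 8))

def fingerprint_matches(der, algo, shown):
    """Compare a fingerprint read off the router with one computed out of band."""
    want = hashlib.new(algo, der).hexdigest().upper()
    return hmac.compare_digest(re.sub(r"[^0-9A-Fa-f]", "", shown).upper(), want)

def sample_cert(sig_oid_hex):
    """Constructed DER skeleton (NOT a real certificate): tbs, sigAlg, signature."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, tlv(0x02, b"\x01")) + alg + tlv(0x03, b"\x00" + b"\xAA" * 16))

SAMPLE = sample_cert("2a864886f70d01010b")    # sha256WithRSAEncryption
```

Changing the signature algorithm changes the certificate bytes and therefore the fingerprint values, but the fingerprints are still MD5 and SHA1 digests either way.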