https://www.openssl.org/docs/manmaster/apps/x509.html says:
> -[digest]
>
> the digest to use. This affects any signing or display option that uses a
> message digest, such as the -fingerprint,
> -signkey and -CA options. Any digest supported by the OpenSSL dgst command can be used. If not specified then SHA1 is used.

That SHA1 is used when the digest is not specified is true for the -fingerprint option, but it is at least not true for the -CA option. In the latter case (and very probably also for the -signkey option) the default digest method is selected via rsa_pkey_ctrl() in crypto/rsa/rsa_ameth.c with op = ASN1_PKEY_CTRL_DEFAULT_MD_NID, and here NID_sha256 is returned since OpenSSL 1.0.2 instead of NID_sha1 in older OpenSSL versions.

Best regards,
Richard Könning

--
Dr. Richard W. Könning
Fujitsu Technology Solutions GmbH

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4302
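A way to check the behaviour reported above on a local installation, added here as an example and not part of the original message: it signs a throwaway certificate with -CA and no digest option, then reads back the signature algorithm and the digest that -fingerprint picks by default. It assumes an `openssl` binary on PATH; the file names and subject names are constructed for the example.

```shell
#!/bin/sh
# Added example: observe which digest `openssl x509` uses when none is given.

# Print the signature algorithm recorded in a PEM certificate.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Print the digest name -fingerprint uses when no digest option is passed
# (the label in front of " Fingerprint=" in the command's output).
default_fingerprint_digest() {
    openssl x509 -in "$1" -noout -fingerprint | sed 's/ Fingerprint=.*//'
}

# Build a throwaway RSA CA and leaf in directory $1 (constructed test data).
# The leaf is signed with -CA and deliberately no digest option.
make_test_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=constructed-leaf.example" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -days 1 -set_serial 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -out "$dir/leaf.pem" 2>/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_test_certs "$tmp"
openssl version
echo "signature algorithm with -CA, no digest: $(sig_alg "$tmp/leaf.pem")"
echo "digest used by -fingerprint by default:  $(default_fingerprint_digest "$tmp/leaf.pem")"
```

Going by the message above, OpenSSL 1.0.2 or later should report a SHA-256 based signature algorithm for the first line and SHA1 for the second. Passing an explicit digest such as `-sha256` when signing removes the dependence on the version's default.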