Forum Discussion
1 Reply
Sort By
- DennisJannNimbostratus
Add the
option in your openssl command:-sha1
openssl req -new -newkey rsa:2048 -nodes -out www.mycompany.com.csr -keyout www.mycompany.com.key -sha1
If you'll be submitting a CSR to a public CA to obtain a SHA1 certificate issued from a "private" CA root, it's not necessary to use a SHA1 CSR. My company decided to use SHA1 certificates signed by a private Symantec root CA for our legacy internal applications, rather than using self-signed certificates, and we've been submitting CSRs using the SHA-256 signature algorithm.