Using SHA-2 algorithm to generate the self-signed certificate
By default, the openssl
command uses the
SHA-1 algorithm to generate the self-signed certificate on the DNCA.
Optionally, you can use SHA-2 for the digital signature hash by
adding the -sha256
option, as in the following command:
/usr/local/dncauser/bin/openssl req -x509 -sha256 -days 365 -newkey rsa:2048 \
-key example.key -out example.crt
You can generate the SHA-2 key on another Linux™ system. To determine whether it is possible, run the following command in a non-DNCA environment:
openssl dgst ?h
The following line can be displayed in the generated output:
-sha256 to use the sha256 message digest algorithm
If the previous command is displayed, then the Linux installation accepts the SHA-2 option. You can run the following command without providing the DNCA-specific path:
openssl req -x509 -sha256 -days 365 -newkey rsa:2048 -key example.key -out \
example.crt