I am using the Default certificate available on the WebGateway and the Digest is set to SHA256 and RSA Server Key is 2048.
However, if I try to export the certificate and view or i can view this certificate from client machine, it still says SHA1 as signature algorithm.
Please suggest on how to get this changed to SHA256 on the client machines as well as while exporting the Default certificate.
The settings for "SHA256" and the key size are for the certificate that the MWG actually creates. See screenshots below.
When you generate a certificate in the UI, you're just creating a self-signed certificate.
If you want to create a self-signed certificate with a 2048 key, using sha256, you can do this from the CLI using the following command. The cert will be valid for 10 years (3650 days):
openssl req -nodes -sha256 -x509 -newkey rsa:2048 -keyout mwg.key.pem -out mwg.crt.pem -days 3650
openssl rsa -in mwg.key.pem -out mwg.key.pem
You will need to import mwg.crt.pem and mwg.key.pem into your GUI. You can then distribute mwg.crt.pem as the CA.
Thanks for the details. Could you please confirm if we can import this generated certificate across multiple WebGateway's ?
Thanks & Regards