jamesaiyer
Level 7

WebGateway SHA256 Certificate Query

Hi Team,

I am using the Default certificate available on the WebGateway and the Digest is set to SHA256 and RSA Server Key is 2048.

However, if I try to export the certificate and view it, or view this certificate from a client machine, it still says SHA1 as the signature algorithm.

[Attached image: certificate page.jpeg]

Please suggest how to get this changed to SHA256 on the client machines as well as while exporting the Default certificate.

Regards

James

3 Replies
McAfee Employee

Re: WebGateway SHA256 Certificate Query

Hi James,

The settings for "SHA256" and the key size are for the certificate that the MWG actually creates. See screenshots below.

[Screenshots: 2016-02-16_131743.jpg, 2016-02-16_131721.jpg]

When you generate a certificate in the UI, you're just creating a self-signed certificate.

If you want to create a self-signed certificate with a 2048 key, using sha256, you can do this from the CLI using the following command. The cert will be valid for 10 years (3650 days):


openssl req -nodes -sha256 -x509 -newkey rsa:2048 -keyout mwg.key.pem -out mwg.crt.pem -days 3650


openssl rsa -in mwg.key.pem -out mwg.key.pem


You will need to import mwg.crt.pem and mwg.key.pem into your GUI. You can then distribute mwg.crt.pem as the CA.

Best Regards,

Jon

0 Kudos
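Added example (not part of the original reply and not McAfee tooling): a shell check that reads the signature algorithm and key size back out of the generated mwg.crt.pem, which is the same field a client's certificate viewer displays. The helper names, the temporary directory and the `-subj` value (added so the command runs without prompts) are assumptions.

```shell
#!/bin/sh
# Added example: confirm what a certificate is actually signed with.

# Print the signature algorithm recorded in a PEM certificate.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# Print the public key size in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Return 0 only if the certificate has the expected signature
# algorithm and key size.
# Usage: check_cert <pem> <expected-alg> <expected-bits>
check_cert() {
    alg=$(cert_sig_alg "$1")
    bits=$(cert_key_bits "$1")
    echo "$1: signature=$alg key=$bits bit"
    [ "$alg" = "$2" ] && [ "$bits" = "$3" ]
}

# Constructed sample: the command from the reply above, plus -subj so it
# runs non-interactively. The CN is a placeholder, not a real CA name.
# Usage: make_sample_cert <dir> <digest-flag>
make_sample_cert() {
    openssl req -nodes "$2" -x509 -newkey rsa:2048 \
        -keyout "$1/mwg.key.pem" -out "$1/mwg.crt.pem" \
        -days 3650 -subj "/CN=example-mwg-ca" 2>/dev/null
}

# Generate a sample CA in a temp directory and verify it.
demo() {
    dir=$(mktemp -d)
    make_sample_cert "$dir" -sha256
    check_cert "$dir/mwg.crt.pem" sha256WithRSAEncryption 2048 && rc=0 || rc=1
    rm -rf "$dir"
    return $rc
}

demo
```

Running `check_cert` against the certificate exported from the appliance, or against the issuing CA as seen on a client, shows whether it is the object still carrying a SHA1 signature.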
jamesaiyer
Level 7

Re: WebGateway SHA256 Certificate Query

Hi Jon,

Thanks for the details. Could you please confirm if we can import this generated certificate across multiple WebGateways?

Thanks & Regards

James

0 Kudos
McAfee Employee

Re: WebGateway SHA256 Certificate Query

Hi James,

This is a policy setting, so yes, it automatically does it.


Best Regards,

Jon

0 Kudos