Signing CSR With Weak Algorithms
Upgraded from pfSense 2.3 -> 2.4 to be able to comfortably sign CSRs through the GUI.
And that functionality is there and im all happy about it!
but theres a BUT!
Cert_manager is signing the CSRs with a SHA1 digest. which by todays standards is weak. and google reports on it furiously with red paint all over the page.
Is there any possibility to sign CSRs with a stronger algorithm (sha2(+)) in the GUI?
You are right, there should be a field for that but there isn't.
I opened https://redmine.pfsense.org/issues/7853 and I have some code ready to push to add it in, plus display the digest algo in the infoblock for each cert.
tbh, that was a stupid fast integration, thanks alot for a great product and awesome response!