Using SHA-2 algorithm to generate the self-signed certificate

By default, the openssl command uses the SHA-1 algorithm to generate the self-signed certificate on the DNCA.

Optionally, you can use SHA-2 for the digital signature hash by adding the -sha256 option, as in the following command:


/usr/local/dncauser/bin/openssl req -x509 -sha256 -days 365 -newkey rsa:2048 \
  -key example.key -out example.crt



You can generate the SHA-2 key on another Linux™ system. To determine whether it is possible, run the following command in a non-DNCA environment:


openssl dgst ?h



The following line can be displayed in the generated output:


-sha256         to use the sha256 message digest algorithm



If the previous command is displayed, then the Linux installation accepts the SHA-2 option. You can run the following command without providing the DNCA-specific path:


openssl req -x509 -sha256 -days 365 -newkey rsa:2048 -key example.key -out \
  example.crt