[Freeipa-users] SHA1 IPA v3 CSR
Christina Kyriakidou
ckyriaki at redhat.com
Tue Jul 15 16:23:19 UTC 2014
On 15/07/14 11:34, Christina Kyriakidou wrote:
> Hi all,
> There is a need to create an IPA server v3 on RHEL 6.4, that has the
> main CSR for the Certificate authority signed with the SHA1 algorithm
> instead of Sha256 as part of compatibility with the main Root CA
> signing mechanism of the organisation. Is there a way to make this
> happen and if so how?
> Thanks in advance,
> Christina.
>
This is in the middle of getting resolved. Changing the cainstance.py
file, the "-key_algorithm" parameter has to be changed from
"SHA256withRSA" to "SHA1withRSA". also an additional parameter has to be
added below that "-signing_algorithm", "SHA256withRSA". This has given
us an ipa.csr signed with SHA1withRSA algorithm. Once I get this signed
by the external root CA I'll test if this gives me a SHA256withRSA
certificate for my clients.
--
Christina Kyriakidou
Red Hat Consultant, RHCE, RHCDS
Red Hat UK Ltd, 200 Fowler Avenue, Farnborough, Hampshire, GU14 7JP
Mobile: +44 (0)7736665160
Email: christina at redhat.com
More information about the Freeipa-users
mailing list