[Pki-users] Questions on customizing certificate profiles
Oliver Burtchen
o.burtchen at gmx.de
Thu Apr 8 01:32:22 UTC 2010
Hi @ all,
I also tried to change from "SHA1withRSA" to "SHA256withRSA" by editing the
config files. No luck!
I found, this is hard-coded in the sources, for example in:
- pki-common-1.3.2/src/com/netscape/cms/servlet/csadmin/SizePanel.java
- pki-common-1.3.2//src/com/netscape/cmscore/security/CASigningCert.java
Just look for "SHA1withRSA" in the files, I don't think this are just
fallbacks.
Best regards,
Oli
Am Mittwoch, 7. April 2010 03:27:04 schrieb Chandrasekar Kannan:
> On 04/06/2010 05:08 PM, Arshad Noor wrote:
> > The only option that is visible under Advanced is the key-size
> > for each of the certificate-types. The hash algorithm does not
> > show up at all.
> >
> > Even the default, as mentioned by Step 8, is not the default as
> > the last 10-12 installs have shown:
> >
> > * SHA256withRSA (the default)
> >
> > So, the question is: is the current build of DogTag in the pki
> > repository identical to RHCS 8.0 or is it a different version?
>
> It might very well be ... we can look at the svn commits
> to be really sure...
>
> > Arshad Noor
> > StrongAuth, Inc.
> >
> > Chandrasekar Kannan wrote:
> >> the installation wizard should provide 'options' under the advanced
> >> section for you to be able to select the alg to use. Have you tried
> >> doing Step (8) from here ?
> >> http://www.redhat.com/docs/manuals/cert-system/8.0/install/html/Configur
> >>ing_a_CA.html
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
--
Oliver Burtchen, Berlin
More information about the Pki-users
mailing list