On 26/01/2021 13:20, Mark Thomas wrote: > On 25/01/2021 15:04, Christopher Schultz wrote:
<snip/> >> I see there is a /sha1 option on the command as well. Does that mean >> that SHA1 is also being performed? > > No. > >> Is it required? > > Yes. It is how we ID the certificate /key to sign with. > >> We abandoned SHA-1 (and SHA-256 for that matter) for the signatures we >> put on our web sites some time ago. Is it possible to use SHA-512 for >> these signatures as well? > > A quick hunt around the internet suggests using SHA-512 signatures > should be possible. However, that was with a local key. The DigiCert > signing using a custom library to access the keys remotely. Let me run a > test... Yep. That worked. Thanks for spotting this. I've updated the build scripts. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org