On 15/07/14 11:34, Christina Kyriakidou wrote:
Hi all,
There is a need to create an IPA server v3 on RHEL 6.4, that has the
main CSR for the Certificate authority signed with the SHA1 algorithm
instead of Sha256 as part of compatibility with the main Root CA
signing mechanism of the organisation. Is there a way to make this
happen and if so how?
Thanks in advance,
Christina.
This is in the middle of getting resolved. Changing the cainstance.py
file, the "-key_algorithm" parameter has to be changed from
"SHA256withRSA" to "SHA1withRSA". also an additional parameter has to be
added below that "-signing_algorithm", "SHA256withRSA". This has given
us an ipa.csr signed with SHA1withRSA algorithm. Once I get this signed
by the external root CA I'll test if this gives me a SHA256withRSA
certificate for my clients.
--
Christina Kyriakidou
Red Hat Consultant, RHCE, RHCDS
Red Hat UK Ltd, 200 Fowler Avenue, Farnborough, Hampshire, GU14 7JP
Mobile: +44 (0)7736665160
Email: christ...@redhat.com
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project