On 15/07/14 11:34, Christina Kyriakidou wrote:
Hi all,
There is a need to create an IPA server v3 on RHEL 6.4, that has the main CSR for the Certificate authority signed with the SHA1 algorithm instead of Sha256 as part of compatibility with the main Root CA signing mechanism of the organisation. Is there a way to make this happen and if so how?
Thanks in advance,

This is in the middle of getting resolved. Changing the cainstance.py file, the "-key_algorithm" parameter has to be changed from "SHA256withRSA" to "SHA1withRSA". also an additional parameter has to be added below that "-signing_algorithm", "SHA256withRSA". This has given us an ipa.csr signed with SHA1withRSA algorithm. Once I get this signed by the external root CA I'll test if this gives me a SHA256withRSA certificate for my clients.

Christina Kyriakidou
Red Hat Consultant, RHCE, RHCDS
Red Hat UK Ltd, 200 Fowler Avenue, Farnborough, Hampshire, GU14 7JP
Mobile: +44 (0)7736665160
Email: christ...@redhat.com

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to