Craig McGregor wrote: > I think the options for the SignatureAlgorithm and the Thumbprint are specified > separately, and that default_md sets the Thumbprint algorithm but not the >SignatureAlgorithm.
Now I understand the logical problem. The fingerprint will be calculated by the user of the certificate and has nothing to do with signaturealgorithm of the certificate. Example: openssl x509 -in test.pem -noout -fingerprint -sha1 openssl x509 -in test.pem -noout -fingerprint -md5 > I have found that: > if default_md = md5 then Thumbprint algorithm is MD5 AND SignatureAlgorithm > is MD5 > if default_md = sha1 then Thumbprint algorithm is SHA1 and SignatureAlgorithm > is MD5 Sorry, but I think you mix the names. The signaturealgorithm should be md5RSA or sha1RSA. If default_md = sha1 then the signaturealgorithm is sha1RSA. > I expected that when default_md = sha1 that both the thumbprint algorithm AND > the SignatureAlgorithm with be SHA1. This was not the case. Like I mentioned above the fingerprint will be calculated by the user. Nevertheless I changed the default_md of the CA from md5 to sha1. Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
