Chris wrote:
> Hi, I'm new to this forum. I'm having an issue when generating keys using 
> ikecert
> 
> ikecert certlocal -ks -m 512 -t rsa-sha1 -D "C=US, O=SUN" -A IP=1.2.3.4
> 
> Finishes successfully but when I display the certificate I see its type is 
> actually rsa-md5 (as below). I expected a keytype of rsa-sha1, any ideas?
> 
> ikecert certdb -lv | grep Type
> Certificate Slot Name: 5   Type: rsa-md5
>  

Hi-

What OS version are you running?  The current output would be like this:

# ikecert certlocal -ks -m 512 -t rsa-sha1 -D "C=US, O=SUN" -A IP=1.2.3.4

# ikecert certdb -lv "C=US, O=SUN"
Certificate Slot Name: 10   Key Type: rsa

Notice the change and the word "Key Type".  The key itself is rsa.

See this bug:

  5019445 ikecert certdb -l lies about certificate signature types

It was fixed before Solaris 10 shipped.

If you look in the bug, you'll see that if you look at the details with 
openssl, the cert was generated successfully.

In your case:

# ikecert certdb -e SLOT=5 > /tmp/cert

# /usr/sfw/bin/openssl x509 -text -in /tmp/cert

Also related is this bug:

  5095377 certlocal -l should not list signature

And this PSARC case:

  PSARC 2004/647 ikecert keytype correction

Thanks,
paul
