000018890 - Sentry CA 3.5 does not support mixed-digest CA chains

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000018890
Applies ToSentry CA 3.5
TechNote 0104
IssueSentry CA 3.5 does not support mixed-digest CA chains
When creating (or resigning) CA's for a hierarchy it is important to specify the issuer as the parent CA in the hierarchy.  It is also important that the digest type throughout the entire PKI be the same.
Mixed type certificate chains are not supported in Sentry CA 3.5.  For example, if you set the Root CA to be RSA/MD5 and the Admin CA to be DSA/SHA1, you will in fact create an Admin CA that is DSA/MD5.
ResolutionThis constraint has been remedied in releases of Sentry CA later than version 3.5.
Legacy Article IDa4074

Attachments

    Outcomes