Which signature algorithms are supported when re-signing server certificates?
Originally Published: 2001-07-11
Article Number
Applies To
Keon Certificate Authority
TechNote 0192
Issue
Which signature algorithms are supported when re-signing a server certificate?
Resolution
The webserver certificates used for client SSL (ie. to a user's web browser) are stored in the file system as the adminServer.cert, enrollDSSServer.cert and enrollServer.cert. The enrollDSSServer certificate must be signed by a DSA CA. The other certificates can be signed with either RSA or DSA.
Note : for supporting all versions of Internet Explorer, you should use RSA as your
signature algorithm. Versions of MSIE prior to 4.0 with service pack 4.0 do
not support DSA signing (see the solution "Configuring MSIE 4.x to support DSA CAs").
For Sentry CA 3.7, certificate files are automatically backed up to <file>.bak in the certs directory when re-signing. If you experience a problem after re-signing, restore the backed up certificate file and re-start Sentry.
Related Articles
How to re-use unassigned tokens via the 'Replace Tokens...' function on Authentication Manager 6.x Number of Views Unable to re-edit a RSA Identity Governance & Lifecycle condition containing IN for a rules definition Number of Views Disaster recovery - Re-imaging a RC Number of Views AM8.1-Web tier Bootstrap service will not start after re-install Number of Views Access Manager CERTIFICATE authentication fails to re-authenticate after token decryption failed message Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
