Which signature algorithms are supported when re-signing server certificates?
Originally Published: 2001-07-11
Article Number
Applies To
Keon Certificate Authority
TechNote 0192
Issue
Which signature algorithms are supported when re-signing a server certificate?
Resolution
The webserver certificates used for client SSL (ie. to a user's web browser) are stored in the file system as the adminServer.cert, enrollDSSServer.cert and enrollServer.cert. The enrollDSSServer certificate must be signed by a DSA CA. The other certificates can be signed with either RSA or DSA.
Note : for supporting all versions of Internet Explorer, you should use RSA as your
signature algorithm. Versions of MSIE prior to 4.0 with service pack 4.0 do
not support DSA signing (see the solution "Configuring MSIE 4.x to support DSA CAs").
For Sentry CA 3.7, certificate files are automatically backed up to <file>.bak in the certs directory when re-signing. If you experience a problem after re-signing, restore the backed up certificate file and re-start Sentry.
Related Articles
How to re-use unassigned tokens via the 'Replace Tokens...' function on Authentication Manager 6.x Number of Views Unable to re-edit a RSA Identity Governance & Lifecycle condition containing IN for a rules definition Number of Views For Windows 2003 (32-bit and 64-bit) OS security has been enhanced and as such has the following effects: Number of Views Disaster recovery - Re-imaging a RC Number of Views AM8.1-Web tier Bootstrap service will not start after re-install Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
Don't see what you're looking for?
