Which signature algorithms are supported when re-signing server certificates?
Originally Published: 2001-07-11
Article Number
Applies To
Keon Certificate Authority
TechNote 0192
Issue
Which signature algorithms are supported when re-signing a server certificate?
Resolution
The webserver certificates used for client SSL (ie. to a user's web browser) are stored in the file system as the adminServer.cert, enrollDSSServer.cert and enrollServer.cert. The enrollDSSServer certificate must be signed by a DSA CA. The other certificates can be signed with either RSA or DSA.
Note : for supporting all versions of Internet Explorer, you should use RSA as your
signature algorithm. Versions of MSIE prior to 4.0 with service pack 4.0 do
not support DSA signing (see the solution "Configuring MSIE 4.x to support DSA CAs").
For Sentry CA 3.7, certificate files are automatically backed up to <file>.bak in the certs directory when re-signing. If you experience a problem after re-signing, restore the backed up certificate file and re-start Sentry.
Related Articles
How to re-use unassigned tokens via the 'Replace Tokens...' function on Authentication Manager 6.x Number of Views Re-enrolling for a certificate Number of Views Disaster recovery - Re-imaging a RC Number of Views Unable to re-edit a RSA Identity Governance & Lifecycle condition containing IN for a rules definition Number of Views RSA Identity Governance & Lifecycle server attempts to apply the patch each time with the message "Patch will be (re-)appl… Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
