Which signature algorithms are supported when re-signing server certificates?
Originally Published: 2001-07-11
Article Number
Applies To
Keon Certificate Authority
TechNote 0192
Issue
Which signature algorithms are supported when re-signing a server certificate?
Resolution
The webserver certificates used for client SSL (ie. to a user's web browser) are stored in the file system as the adminServer.cert, enrollDSSServer.cert and enrollServer.cert. The enrollDSSServer certificate must be signed by a DSA CA. The other certificates can be signed with either RSA or DSA.
Note : for supporting all versions of Internet Explorer, you should use RSA as your
signature algorithm. Versions of MSIE prior to 4.0 with service pack 4.0 do
not support DSA signing (see the solution "Configuring MSIE 4.x to support DSA CAs").
For Sentry CA 3.7, certificate files are automatically backed up to <file>.bak in the certs directory when re-signing. If you experience a problem after re-signing, restore the backed up certificate file and re-start Sentry.
Related Articles
How to re-use unassigned tokens via the 'Replace Tokens...' function on Authentication Manager 6.x Number of Views Unable to re-edit a RSA Identity Governance & Lifecycle condition containing IN for a rules definition Number of Views Re-enrolling for a certificate Number of Views For Windows 2003 (32-bit and 64-bit) OS security has been enhanced and as such has the following effects: Number of Views Disaster recovery - Re-imaging a RC Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide How to Download OTP Token Seed Files from myRSA RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
