Sentry CA 3.5 does not support mixed-digest CA chains
Originally Published: 2001-07-23
Article Number
Applies To
TechNote 0104
Issue
When creating (or resigning) CA's for a hierarchy it is important to specify the issuer as the parent CA in the hierarchy. It is also important that the digest type throughout the entire PKI be the same.
Mixed type certificate chains are not supported in Sentry CA 3.5. For example, if you set the Root CA to be RSA/MD5 and the Admin CA to be DSA/SHA1, you will in fact create an Admin CA that is DSA/MD5.
Resolution
Related Articles
How many levels of Sub-CA chaining are supported in Sentry CA 3.x? Number of Views Error "keytool error: java.lang.Exception: Failed to establish chain from reply" when importing the SSP CA signed certific… Number of Views To allow automatic vetting of certificate request for Sentry CA 3.5 and later. Number of Views Configure Logging Number of Views This certificate or its signing CA is not valid error when importing a certificate chain in RSA Authentication Manager 8.x… Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
