Sentry CA 3.5 does not support mixed-digest CA chains
Originally Published: 2001-07-23
Article Number
Applies To
TechNote 0104
Issue
When creating (or resigning) CA's for a hierarchy it is important to specify the issuer as the parent CA in the hierarchy. It is also important that the digest type throughout the entire PKI be the same.
Mixed type certificate chains are not supported in Sentry CA 3.5. For example, if you set the Root CA to be RSA/MD5 and the Admin CA to be DSA/SHA1, you will in fact create an Admin CA that is DSA/MD5.
Resolution
Related Articles
How many levels of Sub-CA chaining are supported in Sentry CA 3.x? Number of Views Error "keytool error: java.lang.Exception: Failed to establish chain from reply" when importing the SSP CA signed certific… Number of Views To allow automatic vetting of certificate request for Sentry CA 3.5 and later. Number of Views This certificate or its signing CA is not valid error when importing a certificate chain in RSA Authentication Manager 8.x… Number of Views How to upgrade to Sentry CA 3.6 from a previous version of Sentry CA. Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
