Bug 499494
Summary: | change CA defaults to SHA2
---|---
Product: | [Retired] Dogtag Certificate System
Reporter: | Chandrasekar Kannan <ckannan>
Component: | CA
Assignee: | Christina Fu <cfu>
Status: | CLOSED CURRENTRELEASE
QA Contact: | Chandrasekar Kannan <ckannan>
Severity: | medium
Priority: | high
Version: | unspecified
CC: | awnuk, benl
Hardware: | All
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2012-06-04 20:25:04 UTC
Bug Blocks: | 445047

Description
Chandrasekar Kannan
2009-05-06 21:01:23 UTC
VERIFIED
CS 8.1 nightly (21st Dec 2010 build); x86_64
RHEL5.6 nightly; x86_64

Procedures for several fixes in comment #8, comment #11, comment #12:

1/ Signing algorithms in CS.cfg of CA are all SHA256

===========================
[root@cspki yum.repos.d]# grep SHA256 /var/lib/pki-ca/conf/CS.cfg
ca.Policy.rule.SigningAlgRule.algorithms=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
cloning.audit_signing.keyalgorithm=SHA256withRSA
cloning.ocsp_signing.keyalgorithm=SHA256withRSA
cloning.subsystem.keyalgorithm=SHA256withRSA
[root@cspki yum.repos.d]#
=============================

2/ Adding a new profile results in setting its signing algorithm to '-' (which is the CA's default - SHA256withRSA)

3/ Adding a new CRL issuing point results in "Revocation list signing algorithm" value as SHA256withRSA
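
A `grep SHA256` over CS.cfg lists only the lines that already contain SHA256, so a `keyalgorithm` entry left on a SHA-1 value would simply not appear in its output. The script below is an added example, not part of the original comment or of Dogtag: it inverts the check and also reports legacy digests still present in the two algorithm lists. The function names are hypothetical, the sample input is constructed from the lines quoted above with one value changed to SHA1withRSA, and reading the two `...algorithms` keys as lists of permitted algorithms is an assumption based on their names.

```shell
#!/bin/sh
# Added example: audit CS.cfg content (read from stdin) for signing settings
# that are not SHA-2. Key names are taken from the grep output quoted above.

# Constructed sample: the five lines from the comment, with the last value
# changed to SHA1withRSA so that the audit has something to report.
sample_cfg() {
    cat <<'EOF'
ca.Policy.rule.SigningAlgRule.algorithms=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
cloning.audit_signing.keyalgorithm=SHA256withRSA
cloning.ocsp_signing.keyalgorithm=SHA256withRSA
cloning.subsystem.keyalgorithm=SHA1withRSA
EOF
}

# Print every uncommented "*keyalgorithm=" entry whose value is not a
# SHA-256/384/512 signature algorithm. Prints nothing when all are SHA-2.
non_sha2_keyalgs() {
    grep -E '^[^#=]*keyalgorithm=' |
        grep -Ev '=SHA(256|384|512)with(RSA|EC)$' || true
}

# Print "key: algorithm" for each MD2, MD5 or SHA1 entry still present in
# a comma-separated algorithm list (assumed to list permitted algorithms).
legacy_allowed() {
    awk -F= '
        $1 ~ /(algorithms|allowedHashAlgorithms)$/ {
            n = split($2, alg, ",")
            for (i = 1; i <= n; i++)
                if (alg[i] ~ /^(MD2|MD5|SHA1)with/ || alg[i] ~ /^(MD2|MD5|SHA1)$/)
                    print $1 ": " alg[i]
        }'
}

echo "keyalgorithm entries not on SHA-2:"
sample_cfg | non_sha2_keyalgs
echo "legacy digests still listed:"
sample_cfg | legacy_allowed
```

Against a live instance the same functions can be fed the real file, for example `non_sha2_keyalgs < /var/lib/pki-ca/conf/CS.cfg`.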