Renewing AdminCA1 with SHA1 sig Alg to SHA256 sig Alg

  • Arun Balaji

    Arun Balaji - 2014-04-04

    In an existing EJBCA instance [ version 4.0.6 ] on a Solaris environment.

    I am migrating all the CA's and End entities to use SHA256 as the signature algorithm and have done that successfully.

    However , when i try to do the same for the AdminCA1 CA , there is no profile for it and hence renewal only results in a certificate with SHA1 as signature algorithm.

    I am unable to find instructions regarding how this can be done.

    Is this possible by any means or is AdminCA1 fixed and can be renewed only with the original keysize and algorithm with which it was created ?

  • Tomas Gustavsson

    You can change both profile and signature algorithm on a CA. Check the " ca" CLI command.

    PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see or contact for more information.


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks