Re: [Ejbca-develop] Using certificate fingerprint sha2 for End Entities

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Ralf Hornik wrote:
> I use EJBCA 4.0.16 (r17223) Jboss 5.1.0 GA.
>
> I dont see any chance to change the algorithm for the fingerprint extension
> to anything else than sha1.
> Browsers like chrome require certificate fingerprints of sha2.

Are you talking about certificate fingerprints or the certificate signature 
algorithm? I guess it's the latter.

> How can this extension be changed?

It's likely not a X.509v3 extension what you're talking about.

You should look into the certificate profile(s):

There you can choose SHA256WithRSA as the signature algorithm used when 
issuing certs. IIRC this already worked with EJBCA 4.0.16 though I'm not sure 
whether the Java version you're using is capable of doing that.

Ciao, Michael.