Steps to change the sign algorithm of self-signed certificate in DS6.x (Windows) (Doc ID 1556727.1)

Last updated on AUGUST 09, 2017

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.0 to 6.3.1.1.1 [Release 6.0]
Information in this document applies to any platform.

Goal

On DS6.x, the self-sign cert is created with "PKCS #1 MD5 With RSA Encryption" algorithm
by "dsadm add-selfsign-cert" command or DSCC.

But DS6.x DSCC and commands do not provide the functionality to change the algorithm.(*1)

How to change the self-sign cert algorithm on DS6.3?



(*1)DS7.0 or later, sigalg option is added to dsadm add-selfsign-cert command and we can select SHA1, MD5 or SHA256.

* Sun Directory Server Enterprise Edition 7.0 Man Page Reference
dsadm(1M)
http://docs.oracle.com/cd/E19424-01/820-4813/dsadm-1m/index.html
----------------------------------------------------------------------------------------------------------------
dsadm add-selfsign-cert [-i] [-W CERT_PW_FILE] [-S DN] [--phone PHONE] [--email EMAIL] ... [--dns DOMAIN] ... [--validity DURATION] [--keysize SIZE] [--sigalg SIGALG] INSTANCE_PATH CERT_ALIAS

--sigalg SIGALG

  Specifies certificate signature algorithm. The default algorithm is SHA1. The other valid values are MD5 and SHA256.
----------------------------------------------------------------------------------------------------------------

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms