Generating SHA2 SSL certificates with XCOM for Windows
searchcancel
Generating SHA2 SSL certificates with XCOM for Windows
book
Article ID: 126441
calendar_today
Updated On: 07-18-2024
Products
XCOM Data TransportXCOM Data Transport - Windows
Issue/Introduction
How can I generate SHA-2 certificates with XCOM for Windows?
Environment
XCOM™ Data Transport® for Windows
Resolution
For testing purposes only, SHA2 certificates can be generated with the "make" scripts that are supplied with XCOM for Windows. Here is what to do:
Modify the "default_md=" parameter in the [req] section of the cassl.conf, clientssl.conf and serverssl.conf files in the %XCOM_HOME%\ssl directory. The value by default is "sha1". Change it to "sha256". The "default_md=" parameter can be found multiple times in the cassl.conf file. Make sure to modify the value for each parameter found.
Modify the "default_bits=" parameter in the [req] section of the cassl.conf, clientssl.conf and serverssl.conf files in the %XCOM_HOME%\ssl directory. The value by default is "1024". Change it to "2048". Note: The value in the cassl.conf defaults to "2048".
Modify the sample "makeclient.bat" and "makeserver.bat" to indicate that the certificates will be 2048 bit by changing the "rsa:1024" to "rsa:2048" on the openssl command:
Now you can run the sample "make" scripts on your system
Issue the "listca", "listclient" and "listserver" scripts to check the "Signature Algorithm: sha256WithRSAEncryption" on the certificates.
We want to strongly stress that this is for testing purposes only. You need to contact your Security Administrator to determine your sites security specifications in order to handle SSL certifcates. They may provide you with actual certificates for your production systems. The "make" scripts are SAMPLE scripts that you can modify and maintain for testing purposes.