ACF2 GENREQ of a certificate creates a CSR with sha1 rather than sha256 signing algorithm.
search cancel

ACF2 GENREQ of a certificate creates a CSR with sha1 rather than sha256 signing algorithm.

book

Article ID: 218093

calendar_today

Updated On:

Products

ACF2

Issue/Introduction

openssl or windows certutil -dump both identify it was signed sha1. 

Signature Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA

CA refuses to sign it

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

Apply ACF2 R16 enhancement SO16122, that changes the hashing algorithm from SHA1 to SHA256 when generating a CSR.

To complete the sysmod implementation follow up by 'F ACF2,NEWMOD(SAFAAMSG)

Powered by Wolken Software