TSS GENREQ Generates SHA1 Digital Certificate
search cancel

TSS GENREQ Generates SHA1 Digital Certificate


Article ID: 32858


Updated On:


Top Secret Top Secret - LDAP


When executing a TSS GENCERT command with SIGNALG(SHA256) to get an SHA256 certificate, the list output shows that it is OK: ALGORITHM = sha256WithRSAEncryption.
When executing a TSS GENREQ command to produce a file to be signed, the certificate in the file is an SHA1 certificate. Why isn't it an SHA256 digital certificate?


Release: TOPSEC00200-15-Top Secret-Security


Currently, when we do a TSS GENREQ command, the request PK10 that is produced will be SHA1 even if the CERT was SHA256. This should not be a problem since the signer will replace the signature later. That is the one that will be used once the certificate is added back in to Top Secret.