TSS GENREQ Generates SHA1 Digital Certificate
search cancel

TSS GENREQ Generates SHA1 Digital Certificate

book

Article ID: 32858

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

When executing a TSS GENCERT command with SIGNALG(SHA256) to get an SHA256 certificate, the list output shows that it is OK: ALGORITHM = sha256WithRSAEncryption.
When executing a TSS GENREQ command to produce a file to be signed, the certificate in the file is an SHA1 certificate. Why isn't it an SHA256 digital certificate?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

Currently, when we do a TSS GENREQ command, the request PK10 that is produced will be SHA1 even if the CERT was SHA256. This should not be a problem since the signer will replace the signature later. That is the one that will be used once the certificate is added back in to Top Secret.