This document will guide you through upgrading the digest to either SHA256, SHA384, or SHA512 for the EEM r12.x Server. Using the eiam-clustersetup tool, that is already provided with the EEM r12.x install, running on Windows, Linux, and Unix environments.
Follow these steps in order to upgrade the Digest Algorithm:
On the CA EEM Server where the certificates have to be issued, navigate to the following location %EIAM_HOME%\bin or $EIAM_HOME/bin, via command prompt:
1. Execute the following command:
java -jar eiam-clustersetup.jar
- A confirmation message appears.
2. Type Y (yes) and press Enter.
3. Execute the following command:
4. The following message appears: INFO - Enter Certificate Key Length [default = 1024]
I wouldn’t suggest upgrading the key length, as it may impact the client applications, if the versions are different (mismatched).
In this case select: 1 (INFO -  1024)
5. The following message appears: Enter Digest Algorithm [default = SHA256]
Here you will select the number that corresponds with the desired algorithm you would like to upgrade to:
INFO -  SHA1
INFO -  SHA256
INFO -  SHA384
INFO -  SHA512
- Once you make your selection, you will receive a summary/confirmation message.
6. Type Y and press Enter.
-You will see that it is generating the new certificates.
7. Once it is done generating the new certificates, type: status
-This will verify that the two services are started.
8. Type: exit, to close out of the utility.
Now the CA EEM Server will use the newly generated certificates.