Does Client Automation support the SHA-2 hashing standard for X.509/SSL Certificate Chain Encryption?

Document ID : KB000069788
Last Modified Date : 21/02/2018
Introduction:

Whenever a CA Client Automation client process connects to a CAF plug-in that requires authentication, the client process must pass security credentials relevant to the target service's security requirements. Where the client process is running as an autonomous process, such as a Windows NT service or a UNIX daemon, the client process authenticates using X.509 V3 certificates in the absence of any user credentials.

An X.509 certificate for CA Client Automation authentication comprises a set of attribute-value pairs that are packaged together with the public encryption key of an asymmetric key pair. A root certificate digitally signs and seals the certificate. The certificate records the name of the subject to whom the certificate was issued, the issuing certificate authority name and expiry information. The subject name is often referred to as the Distinguished Name (DN). The subject name is mapped to a Uniform Resource Identifier (URI) in the x509cert namespace, such as the following example:

x509cert://dsm r11/CN=Basic Host Identity,O=Computer Associates,C=US
Question:

Does Client Automation support the SHA-2 hashing standard for X.509 certificates?

Environment:
Client Automation -- all versions.
Answer:

Client Automation supports the SHA-2 hashing standard starting in version r14 SP1 and forward. All previous releases support only the SHA-1 hashing standard for X.509 certificates.

Additional Information:
For backward compatibility, Client Automation r14 SP1 will introduce new configuration parameters, which allow the Administrator to specify whether the SHA-2 hash algorithm is preferred or required for communication. Refer to the Client Automation r14 SP1 release notes for more information.