Generating SHA2 SSL certificates
Document ID :
Last Modified Date :
Show Technical Document Details
CA XCOM Data Transport
CA XCOM Data Transport for Windows:XCPCNT
Can you explain how can i generate sha -2 certificates with XCOM V11.6 SP2?
XCOM r11.6 SP02 for Windows
For testing purposes only
, SHA2 certificates can be generated with the "make" scripts that are supplied with XCOM r11.6 SP02. Here is what you would do:
Modify the "default_md=" parameter in the [req] section of the clientssl.conf and serverssl.conf files in the %XCOM_HOME%\ssl directory. The value by default is "sha1". Change it to "sha256"
Modify the "default_bits=" parameter in the [req] section of the clientssl.conf and serverssl.conf files in the %XCOM_HOME%\ssl directory. The value by default is "1024". Change it to "2048"
Modify the sample "makeclient.bat" and "makeserver.bat" to indicate that the certificates will be 2048 bit by changing the "rsa:1024" to "rsa:2048" on the openssl command:
e.g. openssl req -newkey rsa:2048 -out serverreq.pem -outform PEM -config serverssl.conf
Now you can run the sample "make" scripts on your system
Issue the "listca", "listclient" and "listserver" scripts to check the "Signature Algorithm: sha256WithRSAEncryption" on the certificates.
We want to strongly stress that this is for testing purposes only. You need to contact your Security Administrator to determine your sites security specifications in order to handle SSL certifcates. They may provide you with actual certificates for your production systems.The "make" scripts are SAMPLE scripts that you can modify and be responsible to maintain for testing purposes.
Was this information helpful?