Generating SHA2 SSL certificates

Document ID : KB000126441
Last Modified Date : 08/02/2019
Show Technical Document Details
Issue:
Can you  explain how can i generate  sha -2 certificates with XCOM V11.6 SP2? 
Environment:
XCOM r11.6 SP02 for Windows
Resolution:
For testing purposes only, SHA2 certificates can be generated with the "make" scripts that are supplied with XCOM r11.6 SP02. Here is what you would do:
  • Modify the "default_md=" parameter in the [req] section of the clientssl.conf and serverssl.conf files in the %XCOM_HOME%\ssl directory. The value by default is "sha1". Change it to "sha256"
  • Modify the "default_bits=" parameter in the [req] section of the clientssl.conf and serverssl.conf files in the %XCOM_HOME%\ssl directory. The value by default is "1024". Change it to "2048"
  • Modify the sample  "makeclient.bat" and "makeserver.bat" to indicate that the certificates will be 2048 bit by changing the "rsa:1024" to "rsa:2048" on the openssl command:

                 e.g.  openssl req -newkey rsa:2048 -out serverreq.pem -outform PEM -config serverssl.conf
  • Now you can run the sample "make" scripts on your system
  • Issue the "listca", "listclient" and "listserver" scripts to check the "Signature Algorithm: sha256WithRSAEncryption" on the certificates.

We want to strongly stress that this is for testing purposes only. You need to contact your Security Administrator to determine your sites security specifications in order to handle SSL certifcates. They may provide you with actual certificates for your production systems.The "make" scripts are SAMPLE scripts that you can modify and be responsible to maintain for testing purposes.