To modify the certs with custom key length and custom Digest algorithm. Please check the iGateway version before running the following instructions.
Gateway version must be 188.8.131.52 or later as the custom key length support has been added in that release
To check the version use the . *.conf files in the iTechnology directory will have the version and build number as:
If you do not have the iAuthority.conf file the iAuthority.xml file we provided will not needed and steps 3 will only contain 2 files and step 4 will not be necessary
The steps need to be run root,
The commands only get run only on machine with Command sponsor exists
Only iGateway needs to be cycled the Scheduler and Application Server do not need to be stopped, only iGateway is effected.
The 3 xml files provided by CA contain an entry that specified digest Algorithm SHA256 key length of 2048 so no change is needed. If you want to use a different length the files need to be altered to specify different length.
- Stop iGateway service
- Take a backup of iTechnology folder
- Copy the three files, attached with this email, under iTechnology folder
- Edit iAuthority.conf remove "<TrustedRoot ..." section.
- Remove all *.cer and *.key files under iTechnology folder
- Start igateway
- iGateway will regenerate the certificates during startup as the certificates are missing (deleted in step 5)
- iGateway must get started successfully
- Now run the following openssl command to check the certificates
- openssl x509 -in iauthority.cer -text -noout