How can I create a Certificate Request Signed by a different algoritm than my private key?

Solution Verified - Updated -

Issue

  • Need to be able to generate a cert request using an *existing* key (i.e. the root's existing private key) that is signed by something other than the default MD5 algorithm
  • If the java GUI is used to create a request (pretend the cert is a subordinate CA so the GUI presents a request rather than
    automatically signing it itself), the request is MD5
  • If certutil is used do the same thing, it comes out as SHA-1
  • Cannot find any option in certutil to use an arbitrary signature algorithm (e.g. SHA-256).

Environment

  • Red Hat Certificate System 8
  • Red Hat Enterprise Linux 5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.