Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Updating the signature algorithm z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00 |
|||||||||||||||||||||||||||||||||||||
The signature algorithm that PKI Services uses to sign certificates must be based on the key type of the CA certificate. If it is not, PKI Services is unable to start. By default, IKYSETUP creates the CA certificate with an RSA key pair. The default value of the signature algorithm in the pkiserv.conf file is sha–256WithRSAEncryption. You can change the signature algorithm by changing the SigAlg1 value in the CertPolicy section of the pkiserv.conf configuration file. Set SigAlg1 to one of the algorithm identifiers shown in Table 1 for the key type of the CA certificate.
Tips: Consider these points when choosing the signature
algorithm:
|
Copyright IBM Corporation 1990, 2014
|