You can specify with -Z sha256. See https://bugzilla.mozilla.org/show_bug.cgi?id=1058870
On Tue, Sep 9, 2014 at 8:21 AM, Rex Roof <r...@wccnet.edu> wrote: > Hi, I've been searching for documentation on this and I'm coming up short. > > I have created my own CA for our domain using moznss certutil on a redhat6 > machine. > I need to change my methods to start creating SHA256 certs (i'm sure you > all know why) > > currently I use this command to create keys: > > certutil -S -d . -f pw -n "$KEYHOST" \ > -s "CN=$KEYHOST" -c "wcc2013CA" \ > -t "u,u,u" -m $SERIAL -v 720 \ > -z noise.txt -k rsa > > On RHEL6 with NSS 3.16.1 this creates keys with sha1WithRSAEncryption. > > Is there an option I can change to that certutil command to create SHA256 > keys instead? > > I apologize if this is the wrong list to ask. > > > - Rex Roof > WCC Systems Engineer <r...@wccnet.edu> > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
