cpca_client set_sign

Description

Sets the hash algorithm that the CA uses to sign the file hash. Also, see sk103840.

Important - On Multi-Domain Server, you must run this command in the context of the relevant Domain Management Server.

Syntax

cpca_client [-d] set_sign_hash {sha1 | sha256 | sha384 | sha512}

Important - After this change, you must restart the Check Point services with these commands:

On Security Management Server, run:

On Multi-Domain Server, run:

Parameters

Parameter	Description
`-d`	Runs the command in debug mode. Use only if you troubleshoot the command itself.
`{sha1 \| sha256 \| sha384 \| sha512}`	The hash algorithms that the CA uses to sign the file hash. The default algorithm is SHA-256.

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

{sha1 | sha256 | sha384 | sha512}

The hash algorithms that the CA uses to sign the file hash.

The default algorithm is SHA-256.

Example

[Expert@MGMT:0]# cpca_client set_sign_hash sha256

You have selected the signature hash function SHA-256

WARNING: This hash algorithm is not supported in Check Point gateways prior to R71.

WARNING: It is also not supported on older clients and SG80 R71.

Are you sure? (y/n)

Internal CA signature hash changed successfully.

Note that the signature on the Internal CA certificate has not changed, but this has no security implications.

[Expert@MGMT:0]#

[Expert@MGMT:0]# cpstop ; cpstart