Print Download PDF Send Feedback

Previous

Next

cpca_client set_sign_hash

Description

Sets the hash algorithm that the CA uses to sign the file hash. Also, see sk103840.

Important - On Multi-Domain Server, you must run this command in the context of the relevant Domain Management Server.

Syntax

cpca_client [-d] set_sign_hash {sha1 | sha256 | sha384 | sha512}

Important - After this change, you must restart the Check Point services with these commands:

On Security Management Server, run:

  1. cpstop
  2. cpstart

On Multi-Domain Server, run:

  1. mdsstop_customer <Name or IP Address of Domain Management Server>
  2. mdsstart_customer <Name or IP Address of Domain Management Server>

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

{sha1 | sha256 | sha384 | sha512}

The hash algorithms that the CA uses to sign the file hash.

The default algorithm is SHA-256.

Example

[Expert@MGMT:0]# cpca_client set_sign_hash sha256

 

You have selected the signature hash function SHA-256

WARNING: This hash algorithm is not supported in Check Point gateways prior to R71.

WARNING: It is also not supported on older clients and SG80 R71.

 

Are you sure? (y/n)

y

Internal CA signature hash changed successfully.

Note that the signature on the Internal CA certificate has not changed, but this has no security implications.

[Expert@MGMT:0]#

[Expert@MGMT:0]# cpstop ; cpstart

28 November 2021
Was this helpful?
Incorrect information Not what I'm looking for Too much information Confusing information
© 2021 Check Point Software Technologies Ltd. All rights reserved.