cpca_client set_sign_hash

Description

Sets the hash algorithm that the CA uses to sign the file hash. See also sk103840.

Note:

On a Multi-Domain Server, you must run this command in the context of the applicable Domain Management Server:

mdsenv <IP Address or Name of Domain Management Server>

Syntax

cpca_client [-d] set_sign_hash {sha1 | sha256 | sha384 | sha512}

Important - After this change, you must restart the Check Point services with these commands:

  • On Security Management Server, run:

    1. cpstop

    2. cpstart

  • On a Multi-Domain Server, run:

    1. mdsstop_customer <Name or IP Address of Domain Management Server>

    2. mdsstart_customer <Name or IP Address of Domain Management Server>

Parameters

Parameter
    Description

-d
    Runs the command in debug mode.
    Use only if you troubleshoot the command itself.
    Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

{sha1 | sha256 | sha384 | sha512}
    The hash algorithms that the CA uses to sign the file hash.
    The default algorithm is SHA-256.

Example

[Expert@MGMT:0]# cpca_client set_sign_hash sha256
 
You have selected the signature hash function SHA-256
WARNING: This hash algorithm is not supported in Check Point gateways prior to R71.
WARNING: It is also not supported on older clients and SG80 R71.
 
Are you sure? (y/n)
y
Internal CA signature hash changed successfully.
Note that the signature on the Internal CA certificate has not changed, but this has no security implications.
[Expert@MGMT:0]#
[Expert@MGMT:0]# cpstop ; cpstart
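
To confirm the setting after the restart, check the signature algorithm on a certificate that the Internal CA issued after the change. The script below is an added example, not part of the Check Point documentation. It assumes the certificate has been exported to a PEM file and that openssl is available; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Check Point code. Function names are hypothetical.

# Print the hash named on the first "Signature Algorithm:" line of
# `openssl x509 -noout -text` output read from stdin.
sig_hash_from_text() {
    alg=$(sed -n '/Signature Algorithm:/{s/.*Signature Algorithm:[[:space:]]*//p;q;}' \
          | tr 'A-Z' 'a-z')
    case "$alg" in
        *sha1*)   echo sha1 ;;
        *sha256*) echo sha256 ;;
        *sha384*) echo sha384 ;;
        *sha512*) echo sha512 ;;
        *)        echo unknown ;;   # e.g. RSASSA-PSS, or no certificate text
    esac
}

# check_sig_hash EXPECTED: compare the certificate text on stdin with the
# value given to set_sign_hash. Returns 0 on match, 1 on mismatch, 2 on bad use.
check_sig_hash() {
    expected=$1
    case "$expected" in
        sha1|sha256|sha384|sha512) ;;
        *) echo "usage: check_sig_hash {sha1|sha256|sha384|sha512}" >&2; return 2 ;;
    esac
    actual=$(sig_hash_from_text)
    if [ "$actual" = "$expected" ]; then
        echo "OK: certificate is signed with $actual"
    else
        echo "MISMATCH: expected $expected, certificate is signed with $actual"
        return 1
    fi
}

# check_cert_file EXPECTED FILE: the same check for an exported PEM file.
check_cert_file() {
    openssl x509 -in "$2" -noout -text | check_sig_hash "$1"
}

# Constructed sample of `openssl x509 -noout -text` output (shortened).
SAMPLE_SHA1_TEXT='Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O = constructed-example-ca
    Signature Algorithm: sha1WithRSAEncryption'

# Demo: a SHA-1 signed certificate checked against an expected sha256.
printf '%s\n' "$SAMPLE_SHA1_TEXT" | check_sig_hash sha256 || true
```

A mismatch on a certificate that was issued before the change is expected, because the command does not re-sign existing certificates.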