cpca_client set_sign_hash

Description

Sets the hash algorithm that the CA uses to sign the file hash. Also, see sk103840.

Note:

On a Multi-Domain ServerClosed Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS., you must run this command in the context of the applicable Domain Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.:

mdsenv <IP Address or Name of Domain Management Server>

Syntax

cpca_client [-d] set_sign_hash {sha1 | sha256 | sha384 | sha512}

Important - After this change, you must restart the Check Point services with these commands:

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

{sha1 | sha256 | sha384 | sha512}

The hash algorithms that the CA uses to sign the file hash.

The default algorithm is SHA-256.

Example

[Expert@MGMT:0]# cpca_client set_sign_hash sha256
 
You have selected the signature hash function SHA-256
WARNING: This hash algorithm is not supported in Check Point gateways prior to R71.
WARNING: It is also not supported on older clients and SG80 R71.
 
Are you sure? (y/n)
y
Internal CA signature hash changed successfully.
Note that the signature on the Internal CA certificate has not changed, but this has no security implications.
[Expert@MGMT:0]#
[Expert@MGMT:0]# cpstop ; cpstart