You can change the cipher used to encrypt the private keys generated for client certificates by adding the sPriKeyEncCipher additional setting to a client or client group.
Setting this key encrypts the generated client private key using one of the following ciphers:
- 3des: 3DES CBC
- aes128: AES 128 CBC
- aes256: AES 256 CBC
Before You Begin
- Enforce the use of the SHA256 digest for certificates by adding the nForceSHA256 additional setting to the CommServe computer.
For more information, see Enforcing the Use of SHA256 Digest for Certificates.
Procedure
- Follow the steps described in Adding or Modifying Additional Settings from the CommCell Console, using the following parameters:

| Property | Value |
|---|---|
| Setting Name | sPriKeyEncCipher |
| Category | Session |
| Type | STRING |
| Values | 3des (uses Triple DES in CBC mode, also known as 3DES CBC) |
| | aes128 (uses 128-bit Advanced Encryption Standard in CBC mode, also known as AES 128 CBC) |
| | aes256 (uses 256-bit Advanced Encryption Standard in CBC mode, also known as AES 256 CBC) |

- Restart all services.
- Renew the client certificate.
For more information, see Renewing a Revoked Certificate in a Typical CommCell Environment.
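
After the certificate is renewed, you can check which cipher protects a private key file. The following is an added example, not code from this documentation or from the product. It assumes the key is available as an OpenSSL-style PEM file, which this page does not state, and the function name and sample key are hypothetical.

```python
import re

# Legacy OpenSSL PEM cipher names mapped to the setting values on this page.
DEK_TO_SETTING = {
    "DES-EDE3-CBC": "3des",
    "AES-128-CBC": "aes128",
    "AES-256-CBC": "aes256",
}

# Constructed sample: header layout is real, IV and body are placeholders.
SAMPLE_AES256 = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n"
    "\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)


def pem_key_cipher(pem_text):
    """Classify how a PEM private key is encrypted.

    Returns "3des", "aes128" or "aes256" for the documented ciphers,
    "unknown:<name>" for any other legacy PEM cipher, "pkcs8" for a PKCS#8
    encrypted key (its cipher sits in the ASN.1 body, not parsed here) and
    "unencrypted" when no encryption header is present.
    """
    begin = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----", pem_text)
    if begin is None or not begin.group(1).endswith("PRIVATE KEY"):
        raise ValueError("input is not a PEM private key")
    if begin.group(1) == "ENCRYPTED PRIVATE KEY":
        return "pkcs8"
    rest = pem_text[begin.end():]
    encrypted = re.search(r"^Proc-Type:\s*4,ENCRYPTED\s*$", rest, re.MULTILINE)
    dek = re.search(r"^DEK-Info:\s*([A-Za-z0-9-]+),", rest, re.MULTILINE)
    if encrypted is None or dek is None:
        return "unencrypted"
    name = dek.group(1).upper()
    return DEK_TO_SETTING.get(name, "unknown:" + name)


if __name__ == "__main__":
    print(pem_key_cipher(SAMPLE_AES256))
```

A result of "unencrypted" or "unknown:..." means the key on disk does not match any of the three values configured through sPriKeyEncCipher.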