You can change the ciphers used to generate client private keys for client certificates by adding the sPriKeyEncCipher additional setting to a client or client group.
Setting this key will encrypt the generated client private key using the following ciphers:
-
3des: 3DES CBC
-
aes128: AES 128 CBC
-
aes256: AES 256 CBC
Procedure
-
Follow the steps described in Adding or Modifying Additional Settings from the CommCell Console, using the following parameters:
Property
Value
Setting Name
Category
Session
Type
STRING
Values
3des (uses Triple DES in CBC mode, also known as 3DES CBC)
aes128 (uses 128-bit Advanced Encryption Standard in CBC mode, also known as AES 128 CBC)
aes256 (uses 256-bit Advanced Encryption Standard in CBC mode, also known as AES 256 CBC)
-
Restart all services.
-
Renew the client certificate.
For more information, see Renewing a Revoked Certificate in a Typical CommCell Environment.