Changing the Ciphers Used to Generate Client Private Keys

You can change the ciphers used to generate client private keys for client certificates by adding the sPriKeyEncCipher additional setting to a client or client group.

Setting this key will encrypt the generated client private key using the following ciphers:

  • 3des: 3DES CBC

  • aes128: AES 128 CBC

  • aes256: AES 256 CBC

Before You Begin

Procedure

  1. Follow the steps described in Adding or Modifying Additional Settings from the CommCell Console, using the following parameters:

    Property

    Value

    Setting Name

    sPriKeyEncCipher

    Category

    Session

    Type

    STRING

    Values

    3des (uses Triple DES in CBC mode, also known as 3DES CBC)

    aes128 (uses 128-bit Advanced Encryption Standard in CBC mode, also known as AES 128 CBC)

    aes256 (uses 256-bit Advanced Encryption Standard in CBC mode, also known as AES 256 CBC)

  2. Restart all services.

  3. Renew the client certificate.

    For more information, see Renewing a Revoked Certificate in a Typical CommCell Environment.

Loading...