You should add the -sigalg SHA1WithRSA parameter to the second keytool call, where the CSR is actually generated.
Keytool keeps giving SHA256 sigalg instead of requested alg
Question
I am using keytool in Java to generate a keystore/CSR to submit to a certificate authority.
My CA only supports MD5withRSA and SHA1withRSA.
Every time I use keytool to create the keystore and export the CSR, I am getting a SHA256withRSA signature algorithm.
I've tried manually setting the -sigalg, but it keeps going to SHA256 every time, whether I try to set it to MD5 or SHA1.
Can someone advise me on what I'm doing wrong?
keytool -genkey -alias server -keyalg RSA -sigalg SHA1withRSA -keysize 2048 -keystore www_mydomain_com.jks -dname "CN=www.mydomain.com,OU=it, O=mycompany, L=thecity, ST=thestate, C=US" && keytool -certreq -alias server -file www_mydomain_com.csr -keystore www_mydomain_com.jks
keytool -genkey -alias server -keyalg RSA -sigalg MD5withRSA -keysize 2048 -keystore www_mydomain_com.jks -dname "CN=www.mydomain.com,OU=it, O=mycompany, L=thecity, ST=thestate, C=US" && keytool -certreq -alias server -file www_mydomain_com.csr -keystore www_mydomain_com.jks
Both commands create a CSR that shows SHA256withRSA.
Solution
Other tips
$ keytool -genkey -alias selfsignedcert -keyalg RSA -sigalg SHA1withRSA -keypass privatepassword -keystore identity.jks -storepass password -validity 365
You have to assign the sigalg when you create the CSR (not the keystore):
$ keytool -certreq -alias <alias> -keystore <keystore>.jks -file <file>.csr -sigalg SHA1WithRSA
SHA1 is already expired and valid only until 2016. You have to upgrade to SHA2. Try it and let me know if that solves your problem. -Jed A
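A way to confirm which signature algorithm a CSR actually carries before it goes to the CA, as an added example that is not part of the original thread: it reads the signatureAlgorithm OID straight out of the PKCS#10 structure. The function names and the sample bytes are constructed for illustration.

```python
import base64

# Signature-algorithm OIDs for the three algorithms named in this thread.
SIG_OIDS = {
    "1.2.840.113549.1.1.4": "MD5withRSA",
    "1.2.840.113549.1.1.5": "SHA1withRSA",
    "1.2.840.113549.1.1.11": "SHA256withRSA",
}

def tlv(tag, body):  # short-form DER encoder, used only to build the sample
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0  # enough for OIDs under 1.x
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def csr_sigalg(csr):
    """Signature algorithm of a PKCS#10 CSR (PEM str or DER bytes)."""
    if isinstance(csr, str):  # PEM: drop the BEGIN/END lines, decode the rest
        csr = base64.b64decode("".join(ln for ln in csr.splitlines() if not ln.startswith("-")))
    _, start, _ = read_tlv(csr, 0)                # CertificationRequest
    _, _, info_end = read_tlv(csr, start)         # certificationRequestInfo, skipped
    _, alg_start, _ = read_tlv(csr, info_end)     # signatureAlgorithm
    tag, oid_start, oid_end = read_tlv(csr, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OID in signatureAlgorithm")
    oid = decode_oid(csr[oid_start:oid_end])
    return SIG_OIDS.get(oid, oid)

def sample_csr(last_arc):
    """Constructed CSR skeleton (not a real request): only the layout is valid."""
    oid = bytes.fromhex("2a864886f70d0101") + bytes([last_arc])
    alg = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, tlv(0x02, b"\x00")) + alg + tlv(0x03, b"\x00\xaa"))
```

Calling `csr_sigalg(open("www_mydomain_com.csr").read())` on the file written by `keytool -certreq` returns the algorithm name the CA will see.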