Sentry CA 3.5 does not support mixed-digest CA chains
Originally Published: 2001-07-23
Article Number
Applies To
TechNote 0104
Issue
When creating (or resigning) CA's for a hierarchy it is important to specify the issuer as the parent CA in the hierarchy. It is also important that the digest type throughout the entire PKI be the same.
Mixed type certificate chains are not supported in Sentry CA 3.5. For example, if you set the Root CA to be RSA/MD5 and the Admin CA to be DSA/SHA1, you will in fact create an Admin CA that is DSA/MD5.
Resolution
Related Articles
How many levels of Sub-CA chaining are supported in Sentry CA 3.x? Number of Views Error "keytool error: java.lang.Exception: Failed to establish chain from reply" when importing the SSP CA signed certific… Number of Views To allow automatic vetting of certificate request for Sentry CA 3.5 and later. Number of Views This certificate or its signing CA is not valid error when importing a certificate chain in RSA Authentication Manager 8.x… Number of Views How to upgrade to Sentry CA 3.6 from a previous version of Sentry CA. Number of Views
Trending Articles
How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle Troubleshooting AFX Connector issues in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
