generating pfx with 3DES without SHA1 as signature algo

Question

I have a certificate in a .PEM file and a key. The signing algorithm of the certificate file is SHA256WithRSAEncryption.

When I create a .p12/.pfx file using the certificate file and the key the Signature Algorithm of .p12/.pfx file changes to

PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC

Is there a way I can get a SHA-2 certificate after the process?

score 0 · Answer 1 · answered Jul 14 '20 at 15:42

The certificate is embedded within the PKCS#12 container. Only the CA which issued the certificate can legitimately change the signature, which it can't/hasn't.

As you show in your question, the pbeWithSHA1And3-KeyTripleDES-CBC is for the PKCS#7 Encrypted data, which is the secure bag containing your unmodified SHA256WithRSAEncryption certificate.

generating pfx with 3DES without SHA1 as signature algo

1 Answers1