The REKEY and GENCERT commands now prevent a new key from being downgraded from ICSF/PCICC to a database key. If you do not specify any of the following keywords on a REKEY subcommand, CA Top Secret will not take what was used on the original certificate.
A certificate cannot be downgraded from an ECC type (NISTECC or BPECC) to a non-ECC type (and conversely). Attempting to do this produces one of the following messages:
TSS1613E ICSF or PCICC was specified but input certificate is NISTECC or BPECC
For more information about this enhancement, see the Command Functions Guide.
Copyright © 2014 CA Technologies.
All rights reserved.