Your EAServer installation (including client-only installations) includes a test CA and two sample certificates, which are signed by the test CA. The EAServer pre-5.2 test CA and sample certificates are signed using the MD5WithRSA algorithm, which is not FIPS approved. Running the post-5.1 installation program upgrades the test CA and sample certificates and signs them with the SHA1WithRSA algorithm, which is FIPS approved. When the server or client is FIPS-enabled, EAServer ensures that only FIPS-approved algorithms are used. If not, an error displays and is logged to the EAServer log file.
In the unlikely event that the sample certificates or db files used by the SSL runtime get deleted, you can upgrade the test CA and sample certificates by running the upgradeCerts.bat script from the command line if needed.
Go to the bin subdirectory on each EAServer installation that contains a test CA and sample certificates.
Run upgradeCerts.bat to upgrade the test CA and sample certificates. This script requires the PKCS #11 PIN be set to “sybase”.
The console displays a message indicating that the test CA and sample certificates have been upgraded. For example:
Warning: About to upgrade server and client certificates Please ensure that the sever is not running in the following location: JAGUAR = d:\52 Press enter to proceed with the upgrade.. Press any key to continue . . . Upgrading Server Certificates: d:\52 Upgrading Sybase Jaguar Test CA Sybase Test CA installed. ............................................................. Certificate Label: Sybase Jaguar User Test CA Subject CN : Sybase EAServer User Test CA (TEST USE ONLY) Issuer CN : Sybase EAServer User Test CA (TEST USE ONLY) Finger Print : 0x MD5 ce c8 8c 11 ab 11 10 c3 a8 f4 a9 07 6c 8c bb b4 SHA1 64 71 ee 44 95 9f 3d b7 ac 29 3d fb 87 43 5f 82 41 2f fa ab Signature algorithm: PKCS #1 SHA1 with RSA Encryption Serial Number : 0x 01 Valid From : Thu Oct 09 14:37:57 2003 Valid To : Thu Jan 08 08:44:37 2015 ............................................................. Installed Sample1 Test ID Private Key Info: 1024 bit RSA Key ............................................................. Certificate Label: Sample1 Test ID Subject CN : Sample1 Test ID Issuer CN : Sybase EAServer User Test CA (TEST USE ONLY) Finger Print : 0x MD5 d5 9a 56 3d 22 5d 2d 59 72 87 a2 db b6 48 b0 bf SHA1 6b 2c 86 2a 5b ee 3c d6 fc 2e 9f 6b 75 a4 25 c6 0e ff 28 69 Signature algorithm: PKCS #1 SHA1 with RSA Encryption Serial Number : 0x 02 Valid From : Fri Jun 25 15:26:59 2004 Valid To : Thu Jun 25 15:26:59 2009 ............................................................. Installed Sample2 Test ID Private Key Info: 1024 bit RSA Key ............................................................. Certificate Label: Sample2 Test ID Subject CN : Sample2 Test ID Issuer CN : Sybase EAServer User Test CA (TEST USE ONLY) Finger Print : 0x MD5 3a 47 b3 b2 e9 9a 53 ba 34 4e e3 b6 8b f0 b8 e7 SHA1 ab f9 5a 28 3e 50 bb 66 36 ed f1 3f 8c f7 07 2a 4b 34 a5 04 Signature algorithm: PKCS #1 SHA1 with RSA Encryption Serial Number : 0x 03 Valid From : Fri Jun 25 15:27:39 2004 Valid To : Thu Jun 25 15:27:39 2009 .............................................................
Running upgradeCerts.bat 