TLS default signature algorithm certificate list has changed for System TLS

The System TLS default signature algorithm certificate list no longer contains ECDSA_SHA224, ECDSA_SHA1, RSA_SHA224, RSA_SHA1, or RSA_MD5 signature algorithms. The enabled signature algorithm certificate list still contains those values.

For applications using the default list, certificates with those signatures will not be allowed. Applications can explicitly set the list if the default list is too restrictive. The most narrowly scoped way to accomplish this is to use Digital Certificate Manager to change the explicit list for only the specific Application Definition requiring these algorithms.

If one of these algorithms must be added to the default signature algorithm certificate list, use the System Service Tools (SST) Advanced Analysis command TLSCONFIG with the option defaultSignatureAlgorithmCertificateList to add the value.

For additional information about the signature algorithm certificate list, see Certificate selection.