Nov 28, 2022

RSASSA-PSS Signing Algorithm Support

Introduction

GlobalSign supports the RSASSA-PSS signing algorithm for all S/MIME Certificates issued via Enterprise PKI (effective October 29, 2018).
Please review the steps below to configure your Enterprise PKI Profile to use the RSASSA-PSS algorithm.

Configure your Profile in Enterprise PKI

New customers:

Contact a Sales Representative to setup an Enterprise PKI account.

Existing customers:

1. Log in to your GlobalSign Certificate Center (GCC) account.

   

2. Select the Enterprise PKI tab as shown below.

   

3. On the left menu, under My Profiles, press the Profile Configuration option.

   

4. Select the correct Profile that you'd like to configure and then click the Next button.

   

5. On the Profile Configuration window, select the Signature Algorithm: RSASSA-PSS (sha256) as shown below.

   

6. Click the Next button to complete the process.

   

7. You will be redirected to the window confirming the process is successful. Once this has been configured, you can issue Certificates that will include RSASSA-PSS as the signing algorithm.

8. Follow the normal issuance process either using the GCC (GlobalSign Certificate Center) or the EPKI API. Please take note of the Profile ID that you configured to use the RSASSA-PSS algorithm. You will need to select and/or specify this Profile ID when issuing certificates.

Note: This algorithm should be tested for compatibility with Mail Clients as RSASSA-PSS may not be supported.