Does webMethods support SHA1 encryption/signing for SOAP security policy

My client is using SHA1 for their signing/encryption policy of their webservice (in the SOAP security header). Is there a way to use SHA1 for the security policy, as it seems wm uses SHA2.


you can customized the policy file to use other AlgorithmSuite
You can find the policy file at:

start with an existing policy.
edit this field:
<sp:TripleDesRsa15 />
you can find all possible Algorithm Suite at:
section 6.1, most basic ones are using SHA1

Thanks. I just went through all the SHA1 algorithms and still get “signature or decryption was invalid.”

Check with your client for the value they use in the AlgorithmSuite field.
SHA1 is only part of the Suite. They may be using a different one.

For that error, it may caused by a missing cert configuration (you don’t trust the cert that’s signing or encrypting the message). Have you configure client cert for Message Authentication, Verify and Encrypt