michelsr Absent Member.

Certificate Question

We're using internal, self-signed, SHA1 certificates which expire in 2020.

Microsoft seems to be saying that their browsers (and operating systems) will stop supporting SHA1 on February 14, 2017...

http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx#Overview

But I'm having trouble understanding whether this will apply to the SHA1 certificates signed by our Zenworks CA server (which was issued in 2010).

I'd prefer not to remint our certificates unless/until it is necessary.

Does anyone know whether the February 14, 2017 change will affect communication between Zenworks Primaries and Windows devices currently using SHA1 certificates?

Thanks.
Micro Focus Expert

Re: Certificate Question

This link does not relate, as it is specifically for signed executables and drivers, and specifically stuff compiled and signed AFTER that date... not existing software.
I do not expect things to break on Feb 14th 2017 for previously issued SHA-1 certs.
However, it is hard to say when vendors will stop honoring SHA-1.

While security folks want to get away from SHA-1, there have been so many bugs in SHA-2 support that unless you are running Windows 7 or later with relatively recent Windows updates, SHA-2 may fail in certain cases.
This makes creating a universal edict quite hard for previously deployed sites, certs, software, etc.

That being said, if you remint your ZCM CA in ZCM 11.4.x, it will use SHA-2.
So if and when this becomes an issue the option to move to SHA-2 is there.

However, I would concur in not rushing to change your CA from SHA-1 to SHA-2.
I don't think vendors will cease to honor previously issued certs for quite a while.