none
Trust SHA1 cert for internal application which doesnt support SHA2 RRS feed

  • Question

  • I am wondering if there is a way to trust a SHA1 cert? We use Oracle and our version does not support SHA2. It is internal only and never sees the internet. We fully understand SHA1 and the risks. We don't want to trust them all, just our 1 cert used internally. If its a matter of trusting them all or lowering security settings, we would consider this for our Intranet zone until we can upgrade Oracle.

    Thanks.

    Thursday, October 12, 2017 5:16 PM

All replies

  • I am wondering if there is a way to trust a SHA1 cert? We use Oracle and our version does not support SHA2. It is internal only and never sees the internet. We fully understand SHA1 and the risks. We don't want to trust them all, just our 1 cert used internally. If its a matter of trusting them all or lowering security settings, we would consider this for our Intranet zone until we can upgrade Oracle.

    Thanks.

    What does you mean by trust SHA1 cert? do you mean that your browser does not trust SHA1 and preventing access to your oracle app?
    Thursday, October 12, 2017 5:47 PM
  • Hi Manoj,

    Thanks for the response. I mean that since SHA1 is depreciated when a site uses those certs the browser will present a warning about an unsafe certificate and then the user needs to click continue to site. I am wondering if we can prevent that warning? The normal procedure for trusting certificates does not get rid of it. I am suspecting that the SHA1 warning cant be prevented but wanted to crowd source it a bit.

    Thanks.

    Thursday, October 19, 2017 1:41 PM
  • Hi, I dont think it is possible to disable the warning message. Microsoft has deprecated SHA1, IE11 and Edge started flagging websites as insecure if they use SSL/TLS certificates signed with the SHA-1 algorithm.
    Thursday, October 19, 2017 9:38 PM