SHA1 deprecation and impact on FIM CM?

  • Question

  • Hi,

    On November 12, 2013, Microsoft announced that it's deprecating the use of the SHA-1 algorithm in SSL and code signing certificates. The Windows PKI blog post "SHA1 Deprecation Policy" states that Windows will stop accepting SHA-1 end-entity certificates by January 1, 2017, and will stop accepting SHA-1 code signing certificates without timestamps after January 1, 2016. This policy officially applies to Windows Vista and later, and Windows Server 2008 and later, but it will also affect Windows XP and Windows Server 2003.

    What does this mean to our FIM CM infrastructure?

    1. If we update our FIM CM integrated CA to use SHA-2, will FIM CM continue to work as usual?
    2. Will we need to update anything on the FIM CM server (like updating the fingerprint, or anything else)?
    3. Will we need to renew all our Smart Cards, or will they continue to work?

    Thank you,

    SK

    Thursday, March 12, 2015 10:16 PM

Answers

  • Shim, did you see this blog post from Milan?

    http://blogs.msdn.com/b/ms-identity-support/archive/2016/01/11/faq-for-fim-2010-to-mim-2016-upgrade-and-sha2-support.aspx

    Cheers,


    Tom Houston, UK Identity Management Practice

    • Marked as answer by Shim Kwan Tuesday, March 15, 2016 1:58 AM
    Friday, March 11, 2016 8:14 PM

All replies

  • Excellent, thanks.
    Tuesday, March 15, 2016 1:58 AM