IBCM PKI Certificate compatibility [SHA-1 and SHA-2]

  • Question

  • Dear All,

    We are in the middle of the IBCM implementation for SCCM 2012 and need quick input from an expert.

    We have gone through https://technet.microsoft.com/en-us/library/gg699362.aspx. As per MS, the certificates should support SHA-2, but we did not find anywhere in the document that SHA-1 will not be supported. Please help me clarify the two points below:

    Point 1: The certificates required for IBCM support the SHA-2 algorithm. [Here we didn't find anywhere in the document that it will not support the SHA-1 algorithm.]

    Point 2: Effective January 1, 2017, Windows will no longer trust certificates signed with SHA-1. We recommend that you issue new server and client authentication certificates signed with SHA-2. Here, if a client is working on SHA-1, will it stop communicating, or will it work but Microsoft will not support it further?

    Thanks in advance for a quick answer.

    Regards, Haresh

    Tuesday, August 30, 2016 8:04 AM

Answers

  • Either technically works fine. The issue is that SHA-1 has been deemed insecure and so they recommend that you not use it -- it has nothing to do with it not actually working.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Marked as answer by hirravi Wednesday, August 31, 2016 7:01 AM
    Tuesday, August 30, 2016 12:21 PM
  • Thank you, Jason, for the quick input.
    • Marked as answer by hirravi Wednesday, August 31, 2016 7:02 AM
    Wednesday, August 31, 2016 7:02 AM
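
To see which certificates would need reissuing with SHA-2, the following added example (not part of the thread; the function name `Get-AuthCertSignatureReport` is hypothetical) reports the signature algorithm of every server and client authentication certificate in the local computer's personal store. It assumes the certificates used for IBCM are installed in `Cert:\LocalMachine\My`.

```powershell
# Added example, not from the thread. Get-AuthCertSignatureReport is a hypothetical name.
# The signature algorithm is what matters here; the Thumbprint shown by Windows is
# always a SHA-1 hash of the certificate and says nothing about how it was signed.
$Sha1SignatureOids = @(
    '1.2.840.113549.1.1.5',  # sha1RSA
    '1.2.840.10045.4.1',     # sha1ECDSA
    '1.2.840.10040.4.3',     # sha1DSA
    '1.3.14.3.2.29'          # sha1RSA (legacy OIW OID)
)
$AuthEkuOids = @{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
}

function Get-AuthCertSignatureReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Collect the authentication purposes listed in the EKU extension, if any.
        $purposes = @(
            $Certificate.Extensions |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
                ForEach-Object { $_.EnhancedKeyUsages } |
                Where-Object { $AuthEkuOids.ContainsKey($_.Value) } |
                ForEach-Object { $AuthEkuOids[$_.Value] }
        )
        # Certificates without a server/client authentication EKU are skipped.
        if ($purposes.Count -eq 0) { return }

        [pscustomobject]@{
            Subject            = $Certificate.Subject
            Purposes           = $purposes -join ', '
            SignatureAlgorithm = $Certificate.SignatureAlgorithm.FriendlyName
            Sha1Signed         = $Sha1SignatureOids -contains $Certificate.SignatureAlgorithm.Value
            NotAfter           = $Certificate.NotAfter
            Thumbprint         = $Certificate.Thumbprint
        }
    }
}

# Report on the computer's personal store, SHA-1 signed certificates first.
Get-ChildItem -Path Cert:\LocalMachine\My |
    Get-AuthCertSignatureReport |
    Sort-Object -Property Sha1Signed -Descending |
    Format-Table -AutoSize
```

Rows with `Sha1Signed` set to `True` are the ones to reissue from a SHA-2 template.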
