Server 2003 SHA-2 Certificate

  • Question

  • I am renewing an SSL certificate that will be installed on several web servers in our organization. Some of these servers are Server 2012 but a few are Server 2003 and these are not yet ready to be upgraded to the current OS. Since SHA-1 will be deprecated in 2017 I am considering having this cert signed with SHA-2. It looks like Server 2003 requires a hotfix in order to be compatible with SHA-2 certs but I am having difficulty finding the right patch. Most guidance points to this KB:

    http://support.microsoft.com/kb/968730

    but there is only a 64-bit hotfix available, and my servers are 32-bit. They already have this security update:

    https://support.microsoft.com/kb/2868626

    which includes a newer version of the crypt32.dll file, but it does not explicitly state that it supports SHA-2. Any thoughts?

    Tuesday, April 1, 2014 2:46 PM

Answers

  • Hi

    I can get the x86 version of the first hotfix (http://support.microsoft.com/kb/968730). You need to click to show all languages and versions; it will be displayed after that :)

    Windows Server 2003 English x86 Fix262679

    Thanks


    Regards, Philippe

    • Proposed as answer by Yagmoth555MVP Thursday, April 3, 2014 2:20 AM
    • Marked as answer by Matt McNabb Thursday, April 3, 2014 2:22 AM
    Wednesday, April 2, 2014 2:36 AM
  • Philippe,

    You're absolutely right! I just missed the link to expand and see the different versions.

    I have also verified that kb2868626 also supports SHA-2, but it is not explicitly stated.

    Thanks!

    • Marked as answer by Matt McNabb Thursday, April 3, 2014 2:23 AM
    Wednesday, April 2, 2014 7:52 PM

All replies

  • My pleasure. Thanks for the feedback :)

    Regards, Philippe

    Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )

    Answer an interesting question ? Create a wiki article about it!

    Thursday, April 3, 2014 2:19 AM
  • Philippe,

    You're absolutely right! I just missed the link to expand and see the different versions.

    I have also verified that kb2868626 also supports SHA-2, but it is not explicitly stated.

    Thanks!

    FYI, the reason is that they removed the GDR branch from this update.

    Yuhong Bao

    Thursday, May 15, 2014 12:52 AM
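
One way to check a server for the two updates discussed in this thread and to confirm what the renewed certificate is actually signed with, as an added example that is not part of the original thread. The function name `Test-Sha2Readiness` and the certificate path are hypothetical; the script assumes PowerShell 2.0 is installed on the Server 2003 machines and that `Get-HotFix` reports the updates under the KB numbers shown.

```powershell
# Added example, not from the thread. Written for PowerShell 2.0 so it also runs on Server 2003.
# Test-Sha2Readiness and the certificate path below are hypothetical names.
function Test-Sha2Readiness {
    param([Parameter(Mandatory = $true)][string]$CertPath)

    # The two updates named in the thread (assumption: Get-HotFix lists them by these IDs).
    $kbs = 'KB968730', 'KB2868626'
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $kbs -contains $_.HotFixID } |
        ForEach-Object { $_.HotFixID })

    # Signature algorithm OIDs for SHA-1 and the SHA-2 family with RSA.
    $oidNames = @{
        '1.2.840.113549.1.1.5'  = 'sha1RSA'
        '1.2.840.113549.1.1.11' = 'sha256RSA'
        '1.2.840.113549.1.1.12' = 'sha384RSA'
        '1.2.840.113549.1.1.13' = 'sha512RSA'
    }

    # .NET resolves relative paths against the process directory, so pass a full path.
    $fullPath = (Resolve-Path $CertPath).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $fullPath
    $oid = $cert.SignatureAlgorithm.Value
    $algName = if ($oidNames.ContainsKey($oid)) { $oidNames[$oid] } else { "other ($oid)" }

    # Build the chain with revocation checking off, so the result reflects
    # signature and trust processing rather than CRL reachability.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $built = $chain.Build($cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status })

    New-Object PSObject -Property @{
        Computer           = $env:COMPUTERNAME
        InstalledUpdates   = ($installed -join ', ')
        SignatureAlgorithm = $algName
        IsSha1Signed       = ($oid -eq '1.2.840.113549.1.1.5')
        ChainBuilt         = $built
        ChainStatus        = ($status -join ', ')
    }
}

# Usage: run on each server against the exported public certificate (no private key needed).
# Test-Sha2Readiness -CertPath 'C:\certs\renewed-cert.cer' | Format-List
```

If the chain builds on a Server 2012 machine but not on a Server 2003 machine with the same certificate and trusted roots, compare the `InstalledUpdates` column between the two before deploying.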