Remove From My Forums

Generate SSL cert with stronger signature algorithm such as RSA-SHA 1 or SHA 2 from Certificate Authority Version: 5.2.3790.3959

Question
0

Sign in to vote

We have a Certificate Authority (Version: 5.2.3790.3959) configured on Windows 2003 R2 server in our environment. How do i generated SSL cert with stronger signature algorithm such as with SHA1 or SHA2

Currently i am only able to generate SSL cert with md5RSA.

Wednesday, April 9, 2014 3:17 AM

Answers

1

Sign in to vote
Hi,

Since you are using Windows Server 2003 R2 as CA, the hash algorithm cannot be changed, while in Windows 2008 and 2008 R2, changing the hash algorithm is possible.

Therefore, you need to build a new CA to use a new algorithm.

More information for you:

Is it possible to change the hash algorithm when I renew the Root CA

http://social.technet.microsoft.com/Forums/windowsserver/en-US/91572fee-b455-4495-a298-43f30792357e/is-it-possible-to-change-the-hash-algorithm-when-i-renew-the-root-ca?forum=winserversecurity

Changing public key algorithm of a CA certificate

http://social.technet.microsoft.com/Forums/windowsserver/en-US/0fd19577-4b21-4bda-8f56-935e4d360171/changing-public-key-algorithm-of-a-ca-certificate?forum=winserversecurity

modify CA configuration after Migration

http://social.technet.microsoft.com/Forums/windowsserver/en-US/0d5bcb76-3a04-4bcf-b317-cc65516e984c/modify-ca-configuration-after-migration?forum=winserversecurity

Best Regards,

Amy Wang
- Marked as answer by Amy Wang_ Monday, April 14, 2014 1:41 AM
Thursday, April 10, 2014 6:31 AM

All replies

1

Sign in to vote
Hi,

Since you are using Windows Server 2003 R2 as CA, the hash algorithm cannot be changed, while in Windows 2008 and 2008 R2, changing the hash algorithm is possible.

Therefore, you need to build a new CA to use a new algorithm.

More information for you:

Is it possible to change the hash algorithm when I renew the Root CA

http://social.technet.microsoft.com/Forums/windowsserver/en-US/91572fee-b455-4495-a298-43f30792357e/is-it-possible-to-change-the-hash-algorithm-when-i-renew-the-root-ca?forum=winserversecurity

Changing public key algorithm of a CA certificate

http://social.technet.microsoft.com/Forums/windowsserver/en-US/0fd19577-4b21-4bda-8f56-935e4d360171/changing-public-key-algorithm-of-a-ca-certificate?forum=winserversecurity

modify CA configuration after Migration

http://social.technet.microsoft.com/Forums/windowsserver/en-US/0d5bcb76-3a04-4bcf-b317-cc65516e984c/modify-ca-configuration-after-migration?forum=winserversecurity

Best Regards,

Amy Wang
- Marked as answer by Amy Wang_ Monday, April 14, 2014 1:41 AM
Thursday, April 10, 2014 6:31 AM
0

Sign in to vote

Hi All,

I have a CA Version 6.1 configured on Win Server 2008 R2 Enterprise. I am able to generate SSL cert with SHA-1 signature but how do I configure it to generate SHA-2 signature algorithm certs.

Do I need to build a new CA for SHA-2 ? I cant find a clear instruction any where to do this change (SHA-1 to SHA-2)..

Please help

Wednesday, June 11, 2014 4:23 AM
0

Sign in to vote
There are many sides to the SHA-2 upgrade story. You can do side by side different Root CA migration, or you can upgrade your existing CA servers.

There is a white paper describing each approach and how it will affect your applications:

http://ammarhasayen.com/2015/02/04/what-makes-a-ca-capable-of-issuing-certificates-that-uses-sha-2/
ammarhasayen
- Proposed as answer by Ammar Akram Hasayen Wednesday, February 4, 2015 3:17 PM
Wednesday, February 4, 2015 3:17 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Generate SSL cert with stronger signature algorithm such as RSA-SHA 1 or SHA 2 from Certificate Authority Version: 5.2.3790.3959

Question

Answers

All replies