none
Signature Algorithm shows "sha256" but thumbprint algorithm still says "sha1"

    Question

  • I am setting up an issuing CA. I have installed a certificate that uses sha256 Signature Hash Algorithm.  But when I scroll down to the bottom of this certificates details panel, the "Thumbprint Algorithm" field still shows SHA1.

    Please advise if this is an expected behavior or I am doing something wrong here ?

    Regards..

    • Moved by Doug NealMicrosoft employee Thursday, September 15, 2011 5:32 PM Not MBSA related (From:MBSA - Microsoft Baseline Security Analyzer)
    Thursday, September 15, 2011 11:17 AM

Answers

  • this is expected behavior. Thumbprint is just a property and is just attached to the certificate object by CryptoAPI subsystem and this value is always SHA1. Thumbprint is used only to locate required certificate in the store. Signature is a part of the digital certificate and is used to verify certificate signature.
    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    Windows PKI reference: on TechNet wiki
    • Edited by Vadims PodansMVP Friday, September 16, 2011 8:26 AM
    • Proposed as answer by Vadims PodansMVP Tuesday, September 27, 2011 6:20 PM
    • Marked as answer by Bruce-Liu Thursday, September 29, 2011 6:39 AM
    Friday, September 16, 2011 8:26 AM

All replies