TPok 1 Posted March 3, 2017 Posted March 3, 2017 I just installed Remote Administrator Server 6.4 let it create the certificates during the Installation. They are all using SHA-1. According to the documentation I enabled the Advanced Security Server Setting because I wanted to have SHA-2 used. Then I created a new CA and certificates. But these are also using SHA-1. Restarting services does not help. What am I doing wrong? Thanks, TPok
Former ESET Employees Katarina 3 Posted March 6, 2017 Former ESET Employees Posted March 6, 2017 (edited) Hello, which type of operation system do you have? How did you verify that new CA and certificates use SHA-1 ? Edited March 6, 2017 by Katarina
TPok 1 Posted March 6, 2017 Author Posted March 6, 2017 (edited) Hello Katarina, the server OS is Windows Server 2012 R2. I did the following steps: Activate "Advanced security" server setting Generate new Certification Authority Éxport Public Key of the CA Looked at the certificate. It shows "Signature Algorithm: sha1RSA" and "Hash Algorithm: sha1" Edited March 6, 2017 by TPok
Former ESET Employees Katarina 3 Posted March 7, 2017 Former ESET Employees Posted March 7, 2017 Hello, it is necessary to restart ERA Server service after activating "Advanced security server setting". Instructions how to restart service is in this KB article. Then continue with the step 2,3,4 written above (Generate new Certification Authority, Éxport Public Key of the CA, Looked at the certificate)
TPok 1 Posted March 7, 2017 Author Posted March 7, 2017 Sorry I forgot to mention that I already did this. I tried to restart the Service and the whole server. The result is always the same: SHA1
Former ESET Employees Katarina 3 Posted March 7, 2017 Former ESET Employees Posted March 7, 2017 This is known issue for ERA 6.4. In ERA 6.5 this functionality will be available. I have replicated the steps, which you have written above and it works in ERA 6.5.
Recommended Posts