Well, it’s been a very long while since I have written anything for the Ask DS blog.

I am not discussing anything new about Microsoft’s SHA1 deprecation plans. You are basically going to have to test every application within your environment to make sure that it will be able to do certificate chaining and revocation checking against certificates and CRLs that have been signed using one of the SHA2 algorithms. Heck, you might remember we have the following hotfixes so that Windows XP SP3 and Windows Server 2003 SP2 can properly chain a certificate that contains certification authorities that were signed using SHA2 algorithms: “Windows Server 2003 and Windows XP clients cannot obtain certificates from a Windows Server 2008-based certification authority (CA) if the CA is configured to use SHA2 256 or higher encryption” and “Applications that use the Cryptography API cannot validate an X.509 certificate in Windows Server 2003”.

Inevitably we get the question “What would you recommend, Microsoft?” If you want information on this topic please look at the following link: SHA1 Deprecation Policy. It does appear that some web browsers are on a faster timeline to stop allowing SHA1 certificates, as Google Chrome has outlined in this blog post.

As you would suspect, we are starting to get a few calls from customers wanting to know how to migrate their current Microsoft PKI hierarchy to support SHA2 algorithms. We actually do have a TechNet article explaining the process.

Before you go through this process of updating your current PKI hierarchy, I have one question for you.

Are you sure that all operating systems, devices, and applications that currently use internal certificates in your enterprise actually support SHA2 algorithms?

How about that ancient Java-based application running on the 20-year-old IBM AS400 that basically runs the backbone of your corporate data?

Does the AS400 / Java version running on it support SHA2 certificates so that it can do LDAPS calls to the domain controller for user authentication?

What about the old versions of Apache or Tomcat web servers you have running?

Do they support SHA2 certificates for the websites they host?
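Before you can answer any of those questions you need an inventory of which certificates and CRLs in your environment are still SHA1-signed and which are already SHA2-signed. The script below is an added example written for this post, not Microsoft code or anything from the TechNet article: it walks the outer DER structure of an X.509 Certificate or CRL (both are SEQUENCE { tbs, AlgorithmIdentifier, BIT STRING }) and maps the signature OID to its hash family, using only the Python standard library. The sample blobs, their file names and the placeholder TBS contents are constructed for the example and are not real certificates.

```python
# Added example: classify the outer signatureAlgorithm of a DER-encoded X.509
# Certificate or CRL as SHA1- or SHA2-signed. Standard library only.
# The SAMPLES below are constructed skeletons, not real certificates.

# OID -> (algorithm name, hash family); only the algorithms relevant here.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "SHA1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "SHA2"),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", "SHA2"),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", "SHA2"),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", "SHA1"),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", "SHA2"),
    "1.2.840.10045.4.3.3": ("ecdsa-with-SHA384", "SHA2"),
    "1.2.840.10045.4.3.4": ("ecdsa-with-SHA512", "SHA2"),
}

def read_tlv(data, pos):
    """Read one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(data):
        raise ValueError("truncated DER header")
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(data):
        raise ValueError("truncated DER value")
    return tag, pos, end

def decode_oid(raw):
    """Decode OID content octets to dotted notation (first arc 0 or 1)."""
    if not raw or raw[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 digit of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def signature_algorithm(der):
    """Return (oid, name, family) for the outer signatureAlgorithm field.
    Certificate and CertificateList share the shape SEQUENCE { tbs,
    AlgorithmIdentifier, BIT STRING }, so one walk serves certs and CRLs."""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("top level is not a SEQUENCE")
    _, _, tbs_end = read_tlv(der, start)        # skip tbsCertificate / tbsCertList
    tag, alg_start, _ = read_tlv(der, tbs_end)  # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not begin with an OID")
    oid = decode_oid(der[oid_start:oid_end])
    name, family = SIGNATURE_OIDS.get(oid, ("unknown", "unknown"))
    return oid, name, family

def sha1_signed(blobs):
    """Names of the DER blobs (dict name -> bytes) that are still SHA1-signed."""
    return sorted(n for n, der in blobs.items() if signature_algorithm(der)[2] == "SHA1")

# --- constructed sample input (hypothetical file names, not valid certificates) ---
def _tlv(tag, content):
    """Minimal DER encoder used only to build the samples."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def encode_oid(dotted):
    """Encode dotted OID to DER content octets (inverse of decode_oid)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def build_sample(sig_oid):
    """Certificate-shaped skeleton: placeholder TBS, real AlgorithmIdentifier, dummy signature."""
    tbs = _tlv(0x30, _tlv(0x02, b"\x01"))
    alg = _tlv(0x30, _tlv(0x06, encode_oid(sig_oid)) + _tlv(0x05, b""))
    sig = _tlv(0x03, b"\x00" + b"\xAA" * 128)  # long enough to exercise long-form lengths
    return _tlv(0x30, tbs + alg + sig)

SAMPLES = {
    "legacy-issuing-ca.crl": build_sample("1.2.840.113549.1.1.5"),
    "as400-ldaps.cer": build_sample("1.2.840.113549.1.1.11"),
    "tomcat-web.cer": build_sample("1.2.840.10045.4.3.2"),
}

if __name__ == "__main__":
    for fname, der in SAMPLES.items():
        print(fname, *signature_algorithm(der))
    print("still SHA1-signed:", sha1_signed(SAMPLES))
```

Point `SAMPLES` at real DER files exported from your CA and the client stores (PEM files need base64-decoding first) and the SHA1 list tells you which CA certificates and CRLs the old AS400, Apache and Tomcat hosts will have to chain and revocation-check after the migration, before you touch the hierarchy.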