How To Change The Zentyal Certificate Algorithm From SHA-1 To SHA256


As of Zentyal version 4.2, the bundled certificate authority (CA) module creates signed certificates using the SHA-1 algorithm, which is an old algorithm and pretty much deprecated.

Google Chrome, for example, will give a warning stating that your connection is not secure when you access any SSL-encrypted page served with one of these certificates.

SSL certificates created now should, as a minimum, use the SHA256 algorithm to ensure encrypted connections are kept private. To change Zentyal to use the SHA256 algorithm, you’ll need to make a small edit to your openssl.cnf file.

Look for default_md within the file. It will currently be set to sha1.

Edit the value and enter sha256.

You’ll then need to log into the Zentyal Admin site and revoke and re-issue all of your sha1 certificates.
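The edit and the follow-up check can be scripted. The functions below are an added example, not part of the original post or of Zentyal: the function names are hypothetical, the config and certificate paths are passed as arguments because the post does not give them, and the `.pem`/`.crt` extensions are an assumption.

```sh
#!/bin/sh
# Added example (not from the original post). All paths are arguments:
# the post does not state where Zentyal keeps openssl.cnf or its certificates.

# Matches an active (uncommented) "default_md = sha1" line only.
MD_PAT='^([[:space:]]*default_md[[:space:]]*=[[:space:]]*)sha1([[:space:]#]|$)'

# Print the active default_md value(s) found in an OpenSSL config file.
current_default_md() {
    sed -n 's/^[[:space:]]*default_md[[:space:]]*=[[:space:]]*\([A-Za-z0-9_-]*\).*/\1/p' "$1"
}

# Switch default_md from sha1 to sha256. A backup (<file>.bak) is written only
# when a change is made, so re-running never overwrites the original backup.
set_default_md_sha256() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    grep -Eq "$MD_PAT" "$conf" || return 0        # already changed, or not sha1
    cp -p "$conf" "$conf.bak" || return 1
    sed -E "s/$MD_PAT/\1sha256\2/" "$conf.bak" > "$conf"
}

# List certificates under a directory that are still signed with SHA-1;
# these are the ones to revoke and re-issue. Requires the openssl CLI.
list_sha1_certs() {
    find "$1" -type f \( -name '*.pem' -o -name '*.crt' \) |
    while IFS= read -r cert; do
        alg=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
              sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
        case $alg in
            sha1*|*SHA1*) printf '%s\t%s\n' "$cert" "$alg" ;;
        esac
    done
}
```

Changing `default_md` only affects certificates signed afterwards, which is why `list_sha1_certs` is useful for confirming that every existing certificate has been re-issued.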

I’ve submitted a pull request on GitHub to have the default changed for new installations.

