Default SSL Certificate Type from SHA1 to SHA256 during generation

ccto

Hello DirectAdmin,

As SSL generated from SHA1 will start to be deprecated in 2016, may I suggest:
On the SSL CSR generation page (e.g. https://x.x.x.x:2222/CMD_SSL?domain=domain.com), please default the Certificate Type from SHA1 to SHA256 to reduce human error.

ref.:
http://www.symantec.com/page.jsp?id=sha2-transition
https://www.digicert.com/sha-2-ssl-certificates.htm
https://www.globalsign.com/ssl-information-center/transitioning-to-sha-256.html

Thank you very much for your kind attention.

Regards
George
 
Thanks for the request, and yes, that's the plan :)
The reason it was left out in the current release was the SHA-256 CSR generation had a bug:
http://www.directadmin.com/features.php?id=1632

which we needed to make sure got fixed, prior to changing the default selection.

As there have not been any issues, I'll change the default now for the next release.

Thanks!
John
 
Thank you.

However, I have a concern.

On CentOS 5, the openssl is 0.98e.
Inside openssl command, it does not show the option for SHA256.

However, in a CentOS 5.10 OpenVZ VE guest, I go to the DA panel, generate SHA256 key, CSR, and I can successfully complete the SSL application (via RapidSSL) for SHA256 too.

Can you also have a test?

Thank you
Regards
George
 
Tested on:
Code:
[root@es5 templates]# rpm -qa | grep openssl
openssl-0.9.8e-12.el5_5.7
openssl-devel-0.9.8e-12.el5_5.7
[root@es5 ~]# openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
[root@es5 ~]# cat /etc/redhat-release
CentOS release 5.6 (Final)

Created a 2048 bit SHA-256 self-signed cert, without errors.

Just tested a CSR, worked fine.

John
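
Added example, not part of the thread and not DirectAdmin's own code: one way to confirm that the local openssl really signs with SHA-256 is to generate a throwaway CSR and self-signed cert and read the signature algorithm back out of them. The function names and the subject CN=example.test are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): verify which digest actually signed
# a CSR or certificate, rather than trusting the option that was requested.

# Print the signature algorithm of a PEM CSR ($1 = path).
csr_sig_alg() {
    openssl req -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Print the signature algorithm of a PEM certificate ($1 = path).
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed only for SHA-256 based signature algorithm names.
is_sha256() {
    case "$1" in
        sha256With*|ecdsa-with-SHA256) return 0 ;;
        *) return 1 ;;
    esac
}

# Generate a throwaway 2048-bit RSA key, a CSR and a self-signed cert with
# digest $1 (e.g. sha256), then print "<csr alg> <cert alg>".
# The subject CN=example.test is a constructed placeholder.
digest_roundtrip() {
    dir=$(mktemp -d) || return 1
    openssl req -new -newkey rsa:2048 -nodes "-$1" -subj "/CN=example.test" \
        -keyout "$dir/key.pem" -out "$dir/req.csr" 2>/dev/null &&
    openssl req -x509 -new -key "$dir/key.pem" "-$1" -days 1 \
        -subj "/CN=example.test" -out "$dir/cert.pem" 2>/dev/null &&
    echo "$(csr_sig_alg "$dir/req.csr") $(cert_sig_alg "$dir/cert.pem")"
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Demo: fail loudly if openssl cannot sign with sha256 or used another digest.
algs=$(digest_roundtrip sha256) || { echo "openssl could not sign with sha256" >&2; exit 1; }
for alg in $algs; do
    is_sha256 "$alg" || { echo "unexpected digest: $alg" >&2; exit 1; }
done
echo "CSR and self-signed cert signed with: $algs"
```

The same `csr_sig_alg` check can be pointed at a CSR produced by the control panel before it is submitted to a CA.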
 