trscavo at gmail.com
Fri May 30 09:51:30 EDT 2014
On Fri, May 30, 2014 at 9:21 AM, Liam Hoekenga <liamr at umich.edu> wrote:
> We're trying to work through an issue with a vendor re: the InCommon
> mandated move from sha1 to sha256 hashing.
> Their concern is that the signature algorithm used when signing our public
> key is sha1, and have asked that we retest using a cert that's using sha256.
That's not necessary.
> The instructions in the shib wiki don't mention having to reissue certs, and
> we have other vendors who were able to use the sha256 configuration.
> Is this vendor request needed / reasonable? Is it a red herring?
See the section "SHA-1 and X.509 Certificates" in this blog article:
More information about the users