sha256 hashing

Tom Scavo trscavo at
Fri May 30 09:51:30 EDT 2014

On Fri, May 30, 2014 at 9:21 AM, Liam Hoekenga <liamr at> wrote:
> We're trying to work through an issue with a vendor re: the InCommon
> mandated move from sha1 to sha256 hashing.
> Their concern is that the signature algorithm used when signing our public
> key is sha1, and have asked that we retest using a cert that's using sha256.

That's not necessary.

> The instructions in the shib wiki don't mention having to reissue certs, and
> we have other vendors who were able to use the sha256 configuration.
> Is this vendor request needed / reasonable?  Is it a red herring?

See the section "SHA-1 and X.509 Certificates" in this blog article:


