[BlueOnyx:16555] Re: SHA-2 CSR
Matt James
matt at rainstorminc.com
Tue Nov 25 11:18:25 -05 2014
Hi Michael,
One quick follow-up on this. My client is the one who controls the SSL for the site, so there would likely be some delay between generating the new CSR and installing the SHA-2 cert. If I proceed as you suggest by temporarily removing the /certs folder for the site to generate the SHA256 CSR, can I restore the old certs directory while I wait for the new certificate to arrive from my client? Or is there something that changes in the configuration of the SSL that would prevent me from using the SHA-1 certificate after generating an SHA256 CSR?
Thanks for your help!
--
Matt James
RainStorm, Inc <http://rainstorminc.com/>
(207) 866-3908 x54
> On Nov 21, 2014, at 10:48 PM, Michael Stauber <mstauber at blueonyx.it> wrote:
>
> Hi Matt,
>
>> I'm about to issue a few CSRs from our servers that need to be SHA-2
>> compatible (assuming that's the right language to describe it). Is
>> there anything special that I need to do? I have both 5107R and
>> 5106R servers that this would be executed on.
>
> Make sure you're fully YUM updated. Then go into the directory
> /home/sites/www.site.com/certs and move everything in there to a safe
> place. Or rename the whole "certs" directory of that Vsite to
> "certs.bak" and then make sure the new "certs" directory is empty.
>
> Then create the signing request. If no key or old certificate is present
> in the directory, then the new cert will no longer use SHA-1 but the
> stronger SHA256 hashing algorithm.
>
> This was added to all BlueOnyx versions about two months ago.
>
> Example for 5106R:
> http://devel.blueonyx.it/trac/changeset/1661/BlueOnyx/ui/base-ssl.mod
>
> --
> With best regards
>
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20141125/61d2e04a/attachment.html>
More information about the Blueonyx
mailing list