I have come across a thread which states that the signature algorithm SHA-1 is being deprecated. Is this true?
Signature algorithm SHA1 is being deprecatedSolved
Replies (7)
I have read an article too which talked about the same. It seems that that the certificates with the SHA-1 hashing algorithm are not secure and can be easily be exploited by attackers.
I guess it’ll be better to replace all your certificates using SHA-1 algorithm with better alternatives as it could lead to security issues.
I had been trying to get the details of the already deployed certificates from the Hexnode portal but I was not able to find out the Algorithm used in the certificates.
Can you try checking the policy with which the certificate has been associated? I think you will be able to find an option to view the certificate details.
I did try checking that option inside polices, but I could only find the name of the issuer and the expiry date of the certificate. Can you help me how to find the signature algorithm for my certificates?
Hi Isabis,
Thank you for reaching out to us!
I’d like to bring to your notice that deprecation for SHA1withRSA signature algorithm for certificate-based authentication has been announced by different organizations in the past few years due to its security vulnerabilities. Using the SHA-1 algorithm in your certificates can make it vulnerable to spoofing, phishing and man-in-the-middle attacks.
You cannot check the signature algorithm of the certificates from the Hexnode portal. However, you can manually check your certificates from your device (preferably laptops or PCs) for the type of algorithm used in them by following the given instructions:
- Find the location of the certificate on your device.
- Click on the certificate to view the certificate information.
- Click on the details dropdown to view the entire details of the certificate.
- Inside the certificate details, you will be able to find the signature algorithm used in the certificate.
Once you’ve found out the certificates having SHA1withRSA signature algorithm, you can replace those certificates with the newer ones from the policies and re-associate the policy to your devices.
Hope this answers your query.
Cheers!
Chris Coleman
Hexnode UEM
Thank you guys! You guys have been very helpful. I was actually able to figure out the certificates with the older SHA-1 certificates and replace them with the newer ones.