Solved

PKI SHA 244, 256 and Windows 2008 R2

Posted on 2014-01-16
Last Modified: 2014-01-17
Hi All,

Looking for help.
We want to deploy another VPN network for the UK region.
We want to issue RClient certificates with the SHA 224 hash alg.
I checked in Windows 2008 R2 and found it did not have SHA224 hash alg support.
I see Microsoft Security Advisory (2880823); this replaces SHA1 and can issue SHA2 hash alg support. I am not getting options to download the hotfix.
Can you please help me know whether the current release Win 2008 R2 Ent supports the SHA224 hash? If not, do we need any other additional hotfix? If yes, please send me the link if you have already done the same, or suggest how to download it manually.

Regards,
Skumar
0
Question by:Skumar_CCSA

Expert Comment

by:Mahesh
ID: 39787646
Starting with Windows Vista and Server 2008, the Cryptography Next Generation (CNG) Suite B algorithms (including SHA2) are included in the operating system. It is worth noting that even though the algorithms are available, it is up to the individual applications to implement support.

Hence, for Vista and above (2008 R2 in your case), no hotfix is required.

Check the articles below:
http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx
http://mailedge.jimdo.com/2012/02/13/what-are-sha-2-certificates/

You can try the SHA 256 algorithm, since SHA 224 is not available with 2008 R2.

Mahesh
0
 

Author Comment

by:Skumar_CCSA
ID: 39787648
Hi Mahesh,

I saw this option, but the client is specific about SHA 224.

I have Microsoft Security Advisory (2880823), not installed yet, and I am not sure whether it will support 224 after installing this hotfix. Are you aware of SHA 224 support in Win 2012 Server?

Regards,
Skumar.
0
 

Expert Comment

by:Mahesh
ID: 39787727
It's not present in 2012 Server either; it has SHA 256.

You can check with a 3rd party certificate authority such as Entrust or VeriSign; they might help you with the SHA 224 algorithm.

Also, MS is about to phase out SHA1 for security reasons. Basically, that article suggests you upgrade your certs to SHA2, but it does not address your specific requirement of SHA 224.


Mahesh
0
 

Author Comment

by:Skumar_CCSA
ID: 39787733
Hi Mahesh...
3rd party certificates are not required.
We want to deploy our own CA.
Do you have anything else which can help with what types of hash algorithm are supported in Windows, with a comparison table?


Regards, Skumar.
0
 

Accepted Solution

by:
Mahesh earned 1500 total points
ID: 39787777
Check the article below for hash algorithms:

http://en.wikipedia.org/wiki/SHA-2

Really, I haven't seen anywhere SHA 224 that can be requested from a client and issued from a server, and it is getting beyond my skill set.

Probably some cryptographic expert can help you with some kind of code or hack to achieve that

OR

You could raise this question in the TechNet Blogs for the best possible workarounds, or you can open an advisory case with MS to identify the root cause and a workaround, if any.

Mahesh
0
 

Author Comment

by:Skumar_CCSA
ID: 39787966
Hi Mahesh...
Your link helped me to understand more...
I have deployed SHA256...
It works fine...
0
 

Author Closing Comment

by:Skumar_CCSA
ID: 39787967
The shared link is useful...
Thanks.
0
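
Added example, not part of the original thread or written by its participants: one way to move a Windows Server 2008 R2 enterprise CA to SHA256, the outcome the thread settled on, and then audit which certificates on a machine are still signed with a weaker hash. It assumes the CA key is held by a CNG key storage provider and that the commands run in an elevated session on the CA server.

```powershell
# Added example: run elevated on the CA server (AD CS role installed).
# Assumption: the CA uses a CNG key storage provider; the CNGHashAlgorithm
# value is only honoured for CNG providers, not legacy CryptoAPI CSPs.

# 1. Show the hash algorithm the CA currently uses when signing.
certutil -getreg ca\csp\CNGHashAlgorithm

# 2. Switch the CA to SHA256 and restart the service so the change applies.
#    Only certificates and CRLs issued after the restart use the new hash;
#    the CA's own certificate keeps its old signature until it is renewed.
certutil -setreg ca\csp\CNGHashAlgorithm SHA256
Restart-Service -Name certsvc

# 3. Audit the local machine store: list each certificate's signature
#    algorithm and flag those still signed with SHA1 or MD5.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, NotAfter,
        @{ Name = 'SignatureAlgorithm'
           Expression = { $_.SignatureAlgorithm.FriendlyName } },
        @{ Name = 'Weak'
           Expression = { $_.SignatureAlgorithm.FriendlyName -match 'sha1|md5' } } |
    Sort-Object Weak -Descending |
    Format-Table -AutoSize
```

Step 3 can be run unchanged on a VPN client after it enrolls to confirm that the newly issued certificate reports `sha256RSA`.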
