
PKI SHA 244, 256 and Windows 2008 R2

Hi All,

Looking for help.
We want to deploy another VPN network for the UK region.
We want to issue RClient certificates with the SHA 224 hash alg.
I checked in Windows 2008 R2 and found it did not have SHA224 hash alg support.
I see Microsoft Security Advisory (2880823); this replaces SHA1 and can issue SHA2 hash alg support. I am not getting options to download the hotfix.
Can you please help me know whether the current release Win 2008 R2 Ent supports the SHA224 hash? If not, do we need any other additional hotfix? If yes, please send me the link if you have already done the same, or suggest how to download it manually.

Regards,
Skumar
0
 
Mahesh (Architect) Commented:
Starting with Windows Vista and Server 2008, the Cryptography Next Generation (CNG) Suite B algorithms (including SHA2) are included in the operating system. It is worth noting that even though the algorithms are available, it is up to the individual applications to implement support.

Hence, for Vista and above (2008 R2 in your case), no hotfix is required.

Check the articles below:
http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx
http://mailedge.jimdo.com/2012/02/13/what-are-sha-2-certificates/

You can try with the SHA 256 algorithm, since SHA 224 is not available with 2008 R2.

Mahesh
0
 
Skumar_CCSA (Author) Commented:
Hi Mahesh,

I saw this option, but the client is specific about SHA 224.

I have Microsoft Security Advisory (2880823), not installed yet, and I am not sure whether it will support 224 after installing this hotfix. Are you aware whether SHA 224 is supported on Win 2012 server?

Regards,
Skumar.
0
 
Mahesh (Architect) Commented:
It's not present in 2012 server either; it has SHA 256.

You can check with a 3rd-party certificate authority such as Entrust or Verisign; they might help you with the SHA 224 algorithm.

Also, MS is about to phase out SHA1 for security reasons. Basically, that article suggests you upgrade your certs to SHA2, but it does not address your specific requirement of SHA 224.


Mahesh
0
 
Skumar_CCSA (Author) Commented:
Hi Mahesh...
3rd-party certificates are not required.
We want to deploy our own CA.
Do you have any other which can help with what types of hash algorithm are supported in Windows, with a comparison table?


Regards,
Skumar.
0
 
Mahesh (Architect) Commented:
Check the article below for hash algorithms:

http://en.wikipedia.org/wiki/SHA-2

Really, I haven't seen anywhere that SHA 224 can be requested from the client and issued from the server, and this is getting beyond my skillset.

Probably some cryptographic expert can help you with some kind of code or hack to achieve that

OR

You could raise this question in the TechNet blogs for the best possible workarounds, or open an advisory case with MS to identify the root cause and a workaround, if any.

Mahesh
0
 
Skumar_CCSA (Author) Commented:
Hi Mahesh....
Your link helped me to understand more...
I have deployed SHA256...
It works fine...
0
 
Skumar_CCSA (Author) Commented:
The shared link is useful...
Thanks.
0
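The thread ends with the CA issuing SHA256 certificates. As an added example (not code posted by anyone in the thread), this PowerShell sketch shows one way to confirm which hash a Windows CA is configured to sign with and which hash an issued certificate actually carries; it assumes an AD CS CA whose key is held in a CNG key storage provider, an elevated session on the CA server, and a hypothetical certificate path.

```powershell
# Added example, not from the thread. Run elevated on the CA server.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

# RSA signature algorithm OIDs mapped to the hash they use.
$sigOids = @{
    '1.2.840.113549.1.1.5'  = 'SHA1'
    '1.2.840.113549.1.1.14' = 'SHA224'
    '1.2.840.113549.1.1.11' = 'SHA256'
    '1.2.840.113549.1.1.12' = 'SHA384'
    '1.2.840.113549.1.1.13' = 'SHA512'
}

function Get-CaHashConfig {
    # 'Active' names the CA instance configured on this server.
    $caName = (Get-ItemProperty -Path $base).Active
    $csp    = Get-ItemProperty -Path (Join-Path $base (Join-Path $caName 'CSP'))
    New-Object PSObject -Property @{
        CAName           = $caName
        Provider         = $csp.Provider
        # Empty when the CA key is not held in a CNG provider.
        CNGHashAlgorithm = $csp.CNGHashAlgorithm
    }
}

function Get-CertSignatureHash {
    param([Parameter(Mandatory = $true)][string]$Path)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    $oid  = $cert.SignatureAlgorithm.Value
    $hash = $sigOids[$oid]
    if (-not $hash) { $hash = 'other' }
    New-Object PSObject -Property @{
        Subject = $cert.Subject
        Oid     = $oid
        Hash    = $hash
        IsSha1  = ($hash -eq 'SHA1')   # flag certificates still signed with SHA1
    }
}

function Set-CaHashSha256 {
    # Only certificates issued after the service restart use the new hash;
    # the CA's own certificate keeps its signature until it is renewed.
    & certutil.exe -setreg 'ca\csp\CNGHashAlgorithm' SHA256
    Restart-Service -Name certsvc
}

Get-CaHashConfig | Format-List
# Hypothetical path to an exported client certificate:
# Get-CertSignatureHash -Path 'C:\temp\vpn-client.cer' | Format-List
```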
