Solved

PKI SHA 244 ,256 and Windows 2008 R2

Posted on 2014-01-16
7
1,075 Views
Last Modified: 2014-01-17
Hi All,

Looking for help.
We want to deploy another VPN network for UK region.
We want to issue RClient certificate with SHA 224 hash Alg.
I checked in windows 2008R2 and found it did not have SHA224 hash alg support.
I see Microsoft Security Advisory (2880823) this replace SHA1 and can issue SHA2 Hash Alg support.i am not getting options to download the hotfix.
Can you please help to know whether the current release Win 2008R2 Ent support SHA224 Hash, if not do we need to have any other additional hotfix ? if yes please send me the link if you have already done the same or sugg how to download manually.

Regards,
Skumar
0
Comment
Question by:Skumar_CCSA
  • 4
  • 3
7 Comments
 
LVL 36

Expert Comment

by:Mahesh
ID: 39787646
Starting with Windows Vista and Server 2008, the Cryptography Next Generation (CNG) Suite B algorithms (including SHA2) are included in the operating system. It is worth noting that even though the algorithms are available, it is up to the individual applications to implement support.

hence for Vista and above (2008 R2 in your case) no hotfix is required

Check below articles
http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx
http://mailedge.jimdo.com/2012/02/13/what-are-sha-2-certificates/

You can try with SHA 256 algorithm since SHA 224 is not available with 2008 R2

Mahesh
0
 

Author Comment

by:Skumar_CCSA
ID: 39787648
Hi Mahesh,

I saw this option, but client is specific for SHA 224.

I have Microsoft Security Advisory (2880823), not installed yet and not sure after installing this hotfix it will support 224. Do you aware SHA 224 support Win 2012 server ?

Regards,
Skumar.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39787727
Its not present in 2012 server either, its have SHA 256

You can check with 3rd party certificate authority such as Entrust, verisign, they might help you with  SHA 224 Algorithm

Also MS is about to phase out SHA1 for security reasons,  basically that article suggests you to upgrade your certs to SHA2, but its not address your specific requirement SHA 224


Mahesh
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:Skumar_CCSA
ID: 39787733
Hi Mahesh...
3rd party certificates not required.
We want to deploy own CA.
you have any other which can help what type of Hash algorothm support in windows with comparision tabel.


Regards,Skumar.
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39787777
Check below article for hash algorithms

http://en.wikipedia.org/wiki/SHA-2

Really i don't seen anywhere SHA 224 that can be requested from client and issued from server and geting beyond my skillsets.

Probbaly some cryptographic expert can help you with some kind of code or hack to achieve that

OR

You could raise this question in Technet Blogs for best possible work arounds or can open advisory case with MS to identify root cause and workaround if any

Mahesh
0
 

Author Comment

by:Skumar_CCSA
ID: 39787966
Hi mahesh....
your link helped me to understand more...
i have deployed SHA256...
it works fine...
0
 

Author Closing Comment

by:Skumar_CCSA
ID: 39787967
the shared link is useful...
thanks.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now