Solved

PKI SHA 244, 256 and Windows 2008 R2

Posted on 2014-01-16
Last Modified: 2014-01-17
Hi All,

Looking for help.
We want to deploy another VPN network for the UK region.
We want to issue RClient certificates with the SHA 224 hash alg.
I checked in Windows 2008 R2 and found it did not have SHA224 hash alg support.
I see Microsoft Security Advisory (2880823); this replaces SHA1 and can issue SHA2 hash alg support. I am not getting options to download the hotfix.
Can you please help me to know whether the current release Win 2008 R2 Ent supports the SHA224 hash? If not, do we need to have any other additional hotfix? If yes, please send me the link if you have already done the same, or suggest how to download it manually.

Regards,
Skumar
Question by:Skumar_CCSA
7 Comments
 

Expert Comment

by:Mahesh
ID: 39787646
Starting with Windows Vista and Server 2008, the Cryptography Next Generation (CNG) Suite B algorithms (including SHA2) are included in the operating system. It is worth noting that even though the algorithms are available, it is up to the individual applications to implement support.

Hence, for Vista and above (2008 R2 in your case), no hotfix is required.

Check the articles below:
http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx
http://mailedge.jimdo.com/2012/02/13/what-are-sha-2-certificates/

You can try with SHA 256 algorithm since SHA 224 is not available with 2008 R2

Mahesh
 

Author Comment

by:Skumar_CCSA
ID: 39787648
Hi Mahesh,

I saw this option, but the client is specific about SHA 224.

I have Microsoft Security Advisory (2880823), not installed yet, and I am not sure whether it will support 224 after installing this hotfix. Are you aware whether Windows Server 2012 supports SHA 224?

Regards,
Skumar.

Expert Comment

by:Mahesh
ID: 39787727
It's not present in 2012 Server either; it has SHA 256.

You can check with a 3rd party certificate authority such as Entrust or VeriSign; they might help you with the SHA 224 algorithm.

Also, MS is about to phase out SHA1 for security reasons. Basically, that article suggests you upgrade your certs to SHA2, but it does not address your specific requirement of SHA 224.


Mahesh

Author Comment

by:Skumar_CCSA
ID: 39787733
Hi Mahesh...
3rd party certificates are not required.
We want to deploy our own CA.
Do you have any other which can help with what types of hash algorithm are supported in Windows, with a comparison table?


Regards, Skumar.

Accepted Solution

by:Mahesh
ID: 39787777
Check the article below for hash algorithms:

http://en.wikipedia.org/wiki/SHA-2

Really, I haven't seen SHA 224 anywhere that can be requested from the client and issued from the server, and it is getting beyond my skill set.

Probably some cryptographic expert can help you with some kind of code or hack to achieve that.

OR

You could raise this question in the TechNet Blogs for the best possible workarounds, or open an advisory case with MS to identify the root cause and a workaround, if any.

Mahesh
 

Author Comment

by:Skumar_CCSA
ID: 39787966
Hi Mahesh...
Your link helped me to understand more...
I have deployed SHA256...
It works fine...
 

Author Closing Comment

by:Skumar_CCSA
ID: 39787967
The shared link is useful...
Thanks.
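
Added example, not part of the original thread: one way to move an AD CS issuing CA to SHA256 signing, as the thread settled on, and to confirm what issued certificates actually carry. It assumes the CA key is held in a CNG key storage provider and that the certificates to audit sit in the local machine "My" store; the `$weak` list is an illustrative choice.

```powershell
# Run in an elevated PowerShell session on the issuing CA (assumption: AD CS role installed).

# 1. Show the provider holding the CA key and the hash algorithm the CA signs with.
#    CNGHashAlgorithm applies when the key lives in a CNG key storage provider.
certutil -getreg ca\csp\Provider
certutil -getreg ca\csp\CNGHashAlgorithm

# 2. Switch the signing hash to SHA256 and restart the CA service so it takes effect.
#    Only certificates and CRLs issued after the restart use the new hash;
#    certificates issued earlier keep the signature they were issued with.
certutil -setreg ca\csp\CNGHashAlgorithm SHA256
Restart-Service -Name CertSvc

# 3. Audit: list the signature algorithm of each certificate in the machine store
#    and flag those still signed with a hash that should be reissued.
$weak = 'sha1RSA', 'md5RSA'   # illustrative list of friendly names to flag
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $alg = $_.SignatureAlgorithm.FriendlyName
    New-Object PSObject -Property @{
        Subject            = $_.Subject
        NotAfter           = $_.NotAfter
        SignatureAlgorithm = $alg
        NeedsReissue       = ($weak -contains $alg)
    }
} | Format-Table Subject, NotAfter, SignatureAlgorithm, NeedsReissue -AutoSize
```

Step 3 can be run on VPN clients as well, pointing at `Cert:\CurrentUser\My` where user certificates are used, to confirm that reissued client certificates report `sha256RSA`.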