What is Intranet Server Certificate Certification Authority (ISCCA) CA SHA-256?

litmic asked:

btan (Exec Consultant) commented:
If you use SSL certificates on intranet sites with internal server names, they may not work from 11 November 2015.  ref - https://cabforum.org/internal-names/

For internal names not covered by the above-referenced ICANN gTLD process, on November 11, 2015, the issuance of certificates with a reserved IP address or internal server name is prohibited.  On October 1, 2016, all publicly trusted SSL/TLS certificates with an internal name or reserved IP address will be revoked and/or blocked by browser software.

Imagine you have a server on your network. It may have an IP address that is resolvable on the internet, but it’s more likely to have an address that is only valid on the local network, such as 192.168.1.1. It is also likely to have a domain name that is only resolvable on the local network, such as https://intranet.local or https://mail.

The Certification Authority/Browser Forum (CA/B Forum) has decided to cease issuing certificates without a Fully Qualified Domain Name (FQDN).

And the so-called "ISCCA SHA-256" is saying minimum SHA-256 for the CA certificate to be issued. The CA SHALL meet the technical requirements set forth in Appendix A - Cryptographic Algorithm and Key Requirements - ref v1.1.8 baseline from CA Forum - https://cabforum.org/wp-content/uploads/Baseline_Requirements_V1_1_8.pdf

e.g. Digest algorithm for Root CA Certificates, Subordinate CA Certificates, Subscriber Certificates

* SHA-1 MAY be used with RSA keys until SHA-256 is supported widely by browsers used by a substantial portion of relying-parties worldwide.

** A Root CA Certificate issued prior to 31 Dec. 2010 with an RSA key size less than 2048 bits MAY still serve as a trust anchor for Subscriber Certificates issued in accordance with these Requirements.
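
As an added example (not part of the original answer), a short Python check that sorts a certificate's CN/SAN values into the internal names and reserved IP addresses described above. The function names, the `PUBLIC_TLDS` subset and the sample names are assumptions made for illustration; a real audit would load the full IANA Root Zone Database instead of the three-entry subset.

```python
import ipaddress

# Constructed subset for the demo; in practice load the IANA Root Zone Database.
PUBLIC_TLDS = {"com", "net", "org"}

def classify_name(name, public_tlds=PUBLIC_TLDS):
    """Return 'reserved-ip', 'public-ip', 'internal-name' or 'fqdn' for one CN/SAN value."""
    host = name.strip().rstrip(".").lower()
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, treat it as a DNS-style name below
    else:
        # Private, loopback, link-local, unique-local etc. are not globally routable.
        return "public-ip" if addr.is_global else "reserved-ip"
    if host.startswith("*."):
        host = host[2:]  # a wildcard is judged by the domain it covers
    labels = host.split(".")
    # Single-label names ("mail") and names under a non-public suffix (".local")
    # cannot be verified as unique in public DNS.
    if len(labels) < 2 or labels[-1] not in public_tlds:
        return "internal-name"
    return "fqdn"

def affected_names(names, public_tlds=PUBLIC_TLDS):
    """Names that a publicly trusted CA may no longer certify under the rule above."""
    return [n for n in names
            if classify_name(n, public_tlds) in ("internal-name", "reserved-ip")]

# Constructed sample: names as they might appear in one intranet certificate.
SAMPLE_SANS = ["intranet.local", "mail", "192.168.1.1",
               "www.example.com", "8.8.8.8", "fd00::1"]

if __name__ == "__main__":
    for n in SAMPLE_SANS:
        print(f"{n:20} {classify_name(n)}")
```

Names reported by `affected_names` need either a private CA that the intranet clients trust or a rename to a registered FQDN before a public CA can cover them.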
crackit commented:
I have a 2012 R2 server running the Certificate Authority snap-in.
I want to do a filter on a specific Certificate Template which I know exists in the 'Issued Certificates' folder.
All the documentation I can find seems to suggest I copy the certificate name and use this in the View Filter.
1). I add the 'Certificate Template' option into the Field drop-down.
2). I leave the Operation as the '=' symbol.
3). I paste in just the name of the template in question. For example: 'my computers'

The search results always come back blank, 'There are no items to show in this view.', even when I know there are many instances of this template.

Anybody know what I'm doing wrong?
I seem to be getting nowhere with this one.

Question has a verified solution.
