Upgrade CA server from SHA1 to SHA256


Article ID: CTX316571


Description

The objective of this article is to explain what SHA-1 is and how to upgrade the XM (XenMobile) server with a SHA-1 based certificate.


Instructions

CA Server Upgrade from SHA1 to SHA256

SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as a hexadecimal number, 40 digits long.

Important Note: Before performing the SHA1 to SHA256 upgrade, take a full CA server backup along with a VM snapshot of XMS / NetScaler and a full SQL DB backup.
 
Since this is not an immediate threat, Citrix encourages administrators to migrate to SHA256 if feasible. The CA admin can follow the reference article below to update the CA server algorithm from SHA1 to SHA256.

Once the CA server algorithm is upgraded to SHA256, make sure to update the Root CA certificate on the CA server and subordinate/intermediate CAs.

Below is the link to the step-by-step instructions for upgrading to SHA256 (PDF):
https://citrix.sharefile.com/d-s71c02d930b84e6fb
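
One way to confirm the result after the upgrade, as an added example that is not part of the Citrix article or the linked PDF: the script reads the hash algorithm the CA is configured to sign with and lists certificates in the local machine stores that still carry a SHA-1 signature. It assumes an elevated PowerShell session on a Windows CA server with the AD CS role installed; the function name and the choice of stores are illustrative.

```powershell
# Added example: audit for SHA-1 signed certificates after the CA hash change.
# Assumption: run elevated on the Windows CA server (AD CS role installed).

# Signature algorithm OIDs that use SHA-1 as the digest.
$Sha1SignatureOids = @{
    '1.2.840.113549.1.1.5' = 'sha1WithRSAEncryption'
    '1.3.14.3.2.29'        = 'sha1WithRSA (OIW)'
    '1.2.840.10045.4.1'    = 'ecdsa-with-SHA1'
    '1.2.840.10040.4.3'    = 'dsa-with-SHA1'
}

# Hypothetical helper: returns one object per certificate signed with SHA-1.
function Get-Sha1SignedCertificate {
    param(
        # Stores to scan (assumption): trusted roots, intermediate CAs, personal.
        [string[]]$StorePath = @(
            'Cert:\LocalMachine\Root',
            'Cert:\LocalMachine\CA',
            'Cert:\LocalMachine\My'
        )
    )
    foreach ($path in $StorePath) {
        Get-ChildItem -Path $path |
            # Match on the OID value; friendly names vary with OS language.
            Where-Object { $Sha1SignatureOids.ContainsKey($_.SignatureAlgorithm.Value) } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $_.Subject
                    Issuer     = $_.Issuer
                    Algorithm  = $Sha1SignatureOids[$_.SignatureAlgorithm.Value]
                    NotAfter   = $_.NotAfter
                    # The thumbprint is always a SHA-1 hash of the certificate;
                    # it is an identifier and says nothing about the signature.
                    Thumbprint = $_.Thumbprint
                }
            }
    }
}

# 1. Hash algorithm the CA uses for certificates and CRLs it signs from now on.
certutil -getreg ca\csp\CNGHashAlgorithm

# 2. Certificates that were issued before the change and still need renewal.
Get-Sha1SignedCertificate | Sort-Object Store, NotAfter | Format-Table -AutoSize
```

Changing the CA's hash algorithm only affects signatures made afterwards, so any CA certificate listed in step 2 keeps its SHA-1 signature until it is renewed and redistributed.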

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Additional Information

Citrix Resources 

- Removed Features: https://docs.citrix.com/en-us/citrix-endpoint-management/whats-new/removed-features.html
- Product PDF: https://docs.citrix.com/en-us/citrix-endpoint-management/citrix-endpoint-management.pdf

Microsoft Resources

- SHA1 Key Migration to SHA256 for a two tier PKI hierarchy: https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/sha1-key-migration-to-sha256-for-a-two-tier-pki-hierarchy/ba-p/400338

- Renewing Certification Authorities: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc962077(v=technet.10)?redirectedfrom=MSDN