browser end of SHA1 support

  • 0
  • 1
  • Question
  • Updated 1 year ago
  • Answered
  • (Edited)
As far as I've read a lot of browser will end the support for SHA1 certifcates next year.

Is there a official document / warning which products are affected and how to generate SHA2 certificates.

I.e. how could I change the factory installed self signed certificate on ExtremeWireless.
I know I'd generate a cert signing request and generate one from my CA but what about small installations without a CA - how could I generate a new self signed cert on the controller with SHA2.

Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 42,280 Points 20k badge 2x thumb

Posted 1 year ago

  • 0
  • 1
Photo of Yacobucci, Ryan

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

  • 4,240 Points 4k badge 2x thumb
Hey Ronald, 

I know that this has been fixed in the 7.x version of code for NAC. New deployments on 7.0 will have SHA256 certificates for captive portal, RADIUS, and Internal Communications.  Not sure, if this has been fixed for wireless but NAC should be unaffected by SHA1 deprecation. 

If you installed NAC when it was issuing SHA1 certificates they can be easily regenerated.

Photo of M.Nees

M.Nees, Embassador

  • 8,736 Points 5k badge 2x thumb

these days i have a customer who wants to know if he can change SHA1 / AES Encryption for SNMPV3 into SHA2 / AES 128 ?!

Is supporting SHA2 snmp encrpytion a current topic on Extreme stuff (wireless controller or EOS or EXOS switches). Is this expected in the near future ?

Photo of M.Nees

M.Nees, Embassador

  • 8,736 Points 5k badge 2x thumb
There is also a RFC which specify the demand: