browser end of SHA1 support


Userlevel 7
As far as I've read a lot of browser will end the support for SHA1 certifcates next year.

Is there a official document / warning which products are affected and how to generate SHA2 certificates.

I.e. how could I change the factory installed self signed certificate on ExtremeWireless.
I know I'd generate a cert signing request and generate one from my CA but what about small installations without a CA - how could I generate a new self signed cert on the controller with SHA2.

-Ron

3 replies

Userlevel 6
Hey Ronald,

I know that this has been fixed in the 7.x version of code for NAC. New deployments on 7.0 will have SHA256 certificates for captive portal, RADIUS, and Internal Communications. Not sure, if this has been fixed for wireless but NAC should be unaffected by SHA1 deprecation.

If you installed NAC when it was issuing SHA1 certificates they can be easily regenerated.

Thanks
-Ryan
Userlevel 6
Hi,

these days i have a customer who wants to know if he can change SHA1 / AES Encryption for SNMPV3 into SHA2 / AES 128 ?!

Is supporting SHA2 snmp encrpytion a current topic on Extreme stuff (wireless controller or EOS or EXOS switches). Is this expected in the near future ?

Regards
Userlevel 6
M.Nees wrote:

Hi,

these days i have a customer who wants to know if he can change SHA1 / AES Encryption for SNMPV3 into SHA2 / AES 128 ?!

Is supporting SHA2 snmp encrpytion a current topic on Extreme stuff (wireless controller or EOS or EXOS switches). Is this expected in the near future ?

Regards

There is also a RFC which specify the demand:
https://tools.ietf.org/html/rfc7630

Reply