


You don't need to be concerned with SHA 1 signatures on root certificates. The signature on a certificate is used to verify where it came from - i.e. who issued/created it. Root certs have no issuer - they sign themselves so there's nothing of consequence to check against. I googled up a document for you - it might help ease your concerns.

https://www.entrust.com/need-sha-2-signed-root-certificates/


On 5/9/2016 6:51 PM, Raul A Jager W wrote:
From what you wrote, I understand that I don't need to be concerned
about the SHA 1 from VeriSign (yet?).
There are warnings against the use of SHA 1; if it is not a big deal I
would like to change as soon as possible, but since I have no experience
I searched for advice in this list.

On 05/09/2016 12:22 PM, Tim Bronski wrote:
I'm not sure you've read what I wrote - or maybe I wasn't clear :)
Your certificate is ultimately signed by the Verisign Class 3 Public
Primary Certification Authority – G5. This is Symantec's root. Unless
you want to dump your certificate and get another one from a different
CA then there's nothing to be done and nothing to be concerned about.
As for the error messages, I don't know.


On 5/9/2016 6:12 PM, Raul A Jager W wrote:
VeriSign also provides the SHA 2 certificate.
If installing that will not invalidate anything I would rather do it now,
not wait until it does cause a problem.

I have a lot of messages in the error log:
ZSRV_MSG0214: Certificado formateado incorrectamente o no válido, error = 415.
ZSRV_MSG0281: SSL: 201.217.12.126.
ZSRV_MSG0214: Certificado formateado incorrectamente o no válido, error = 415.
ZSRV_MSG0281: SSL: 131.161.254.18.

Two or three each second. Can they be caused by the SHA 1 certificate?
_____________________________________________________________________________________

On 05/09/2016 11:42 AM, Tim Bronski wrote:
There's nothing for you to do. The root certificate (Verisign) has a
SHA1 signature. For now that's what Verisign are using to sign
intermediate certs. There's no security reason for them to change
that. No one will ding you for it.


On 5/9/2016 5:23 PM, Raul A Jager W wrote:
Thank you Tim, I found:

Issued to: Symantec Class 3 Secure Server SHA256 SSL CA
Issued by: VeriSign Universal Root Certification Authority
Valid from: 4/8/2013 to 4/8/2023
Serial Number: 69 87 94 19 d9 e3 62 70 74 9d bb e5 9d c6 68 5e

Intermediate CA
And a certificate in a rectangle in grey background.
Can I download it and install it with DCM?
Do I need to do something else?
___________________________________________________________________


On 05/09/2016 10:23 AM, Tim Bronski wrote:
You cannot just "replace" a certificate in a chain. If an intermediate
certificate is revoked or otherwise invalidated then all subordinate
certificates signed by that certificate will need to be replaced with
new ones. In your case however the SHA1 signed certificate is the root
certificate. A root certificate isn't validated by its signature; the
fact that it's the root is trust enough.

On 5/9/2016 4:02 PM, Raul A Jager W wrote:
I just put my new in line and when I verified the SSL I found an
intermediate certificate that uses SHA1. The server is working, but I
would like to resolve this issue.

The i is in v7.2, and you can see the details of the problem clicking on
the lock for https://i5.abc.com.py

Can I just install a new intermediate certificate? Where can I find it?
Is there some special procedure for the i to use the new certificate?

TIA
Raúl

-- This e-mail was sent from the Mail Server of the newspaper ABC Color --
-- Verified by Symantec Corporate Anti-Virus --
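
The rule discussed in this thread (a SHA-1 signature matters on a certificate issued by another CA, not on a self-signed root) can be checked mechanically. The following is an added example, not code from the thread or from any poster: it audits the text form of a chain as printed by `openssl`, and every certificate name in the sample is hypothetical and constructed.

```python
import re

# Constructed sample, shaped like the output of
#   openssl crl2pkcs7 -nocrl -certfile chain.pem | openssl pkcs7 -print_certs -text -noout
# All names are hypothetical; only the fields the audit reads are kept.
SAMPLE = """\
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Example Trust, CN = Example Intermediate CA
        Subject: C = PY, O = Example Org, CN = www.example.test
    Signature Algorithm: sha256WithRSAEncryption
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = US, O = Example Trust, CN = Example Root CA
        Subject: C = US, O = Example Trust, CN = Example Intermediate CA
    Signature Algorithm: sha1WithRSAEncryption
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = US, O = Example Trust, CN = Example Root CA
        Subject: C = US, O = Example Trust, CN = Example Root CA
    Signature Algorithm: sha1WithRSAEncryption
"""

# Matches md5With..., sha1With..., ecdsa-with-SHA1, dsaWithSHA1; not sha256 etc.
WEAK = re.compile(r"^(md5|sha1)|sha1$", re.I)

def field(block, name):
    """First 'name: value' line in one certificate's text block."""
    return re.search(rf"^\s*{name}: (.+)$", block, re.M).group(1).strip()

def audit_chain(text):
    """Return [(subject_cn, sig_alg, role, verdict)] per certificate, in order."""
    report = []
    for block in text.split("Certificate:\n")[1:]:
        alg = field(block, "Signature Algorithm")
        issuer, subject = field(block, "Issuer"), field(block, "Subject")
        cn = subject.rsplit("CN = ", 1)[-1]  # falls back to the full subject
        if issuer == subject:
            # Self-issued root: trusted by being in the trust store, so the
            # hash used in its self-signature is not what is relied on.
            role, verdict = "root", "ok"
        else:
            role = "issued"
            verdict = "weak-signature" if WEAK.search(alg) else "ok"
        report.append((cn, alg, role, verdict))
    return report

if __name__ == "__main__":
    for row in audit_chain(SAMPLE):
        print("%-26s %-26s %-7s %s" % row)
```

In the constructed sample only the intermediate is reported as `weak-signature`; the root carries the same SHA-1 algorithm but is reported `ok` because issuer and subject are identical.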

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].