Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-6025: SHA-2 Certificate Support

27 January,16 at 08:38 PM

Applies to: 

All supported versions of Centrify DirectControl on all supported platforms. 

Question:

Is SHA-2 supported by Centrify DirectControl?


Answer:

SHA-2 for signing the Certificate Signing Request (CSR) in certificate auto-enrollment is supported as of Server Suite 2015.1 (DirectControl 5.2.3). Centrify DirectControl agents themselves do not need certificate since they use Kerberos.
               
If a migration away from SHA-1 is planned, DirectControl agents (5.2.2 and older) should not be affected as long as features which depend on machine or user certificate are not used. Features which require certificates include the following: LDAPS, SmartCards, DirectSecure, WiFi profiles (Mac), and Ethernet profiles (Mac).
If any of the above features are needed with SHA-2 signed certificates, DirectControl needs to be upgraded to 5.2.3 or later.
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-6642: Getting started with 802.1X for Mac - Configuration Overview articleKB-2798: How to setup a workstation-authentication certificate for auto-enrollment for Mac OS X. articleKB-7155: Does DirectSecure supports X.509 v3 certificate type? articleKB-7393: How to configure the updated 2016.1 DirectControl agent to support MFA over HTTPS to the Cloud Connector articleKB-7074: Why is Centrify changing IWA, what changes are being made, and how can I ensure IWA continues to work as expected post 16.7? articleKB-2115: Is there a GP to install root CA certificate into Mac system keychain? articleKB-4112: Does Centrify support certificate enrollment through a static port from the CA? articleKB-6180: Troubleshooting SSH Connection Problems Preauth