Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-6025: SHA-2 Certificate Support

27 January,16 at 08:38 PM

Applies to: 

All supported versions of Centrify DirectControl on all supported platforms. 

Question:

Is SHA-2 supported by Centrify DirectControl?


Answer:

SHA-2 for signing the Certificate Signing Request (CSR) in certificate auto-enrollment is supported as of Server Suite 2015.1 (DirectControl 5.2.3). Centrify DirectControl agents themselves do not need certificate since they use Kerberos.
               
If a migration away from SHA-1 is planned, DirectControl agents (5.2.2 and older) should not be affected as long as features which depend on machine or user certificate are not used. Features which require certificates include the following: LDAPS, SmartCards, DirectSecure, WiFi profiles (Mac), and Ethernet profiles (Mac).
If any of the above features are needed with SHA-2 signed certificates, DirectControl needs to be upgraded to 5.2.3 or later.
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-6180: Troubleshooting SSH Connection Problems Preauth articleCentrify® Cloud 16.5 Release Notes articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-2798: How to setup a workstation-authentication certificate for auto-enrollment for Mac OS X. articleKB-7393: How to configure the updated 2016.1 DirectControl agent to support MFA over HTTPS to the Cloud Connector articleKB-3415: How to enable Smart Card logon support on RedHat environments articleKB-7155: Does DirectSecure supports X.509 v3 certificate type? articleKB-22952: After upgrading to 19.6 on Solaris 11.x, ca-certificate service goes into a degraded state articleKB-2844: Cloud Proxy unable to establish connection. Error: Certificate cannot not be verified