Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-6025: SHA-2 Certificate Support

27 January,16 at 08:38 PM

Applies to: 

All supported versions of Centrify DirectControl on all supported platforms. 

Question:

Is SHA-2 supported by Centrify DirectControl?


Answer:

SHA-2 for signing the Certificate Signing Request (CSR) in certificate auto-enrollment is supported as of Server Suite 2015.1 (DirectControl 5.2.3). Centrify DirectControl agents themselves do not need certificate since they use Kerberos.
               
If a migration away from SHA-1 is planned, DirectControl agents (5.2.2 and older) should not be affected as long as features which depend on machine or user certificate are not used. Features which require certificates include the following: LDAPS, SmartCards, DirectSecure, WiFi profiles (Mac), and Ethernet profiles (Mac).
If any of the above features are needed with SHA-2 signed certificates, DirectControl needs to be upgraded to 5.2.3 or later.
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.