All supported versions of Centrify DirectControl on all supported platforms.
Question:
Is SHA-2 supported by Centrify DirectControl?
Answer:
SHA-2 for signing the Certificate Signing Request (CSR) in certificate auto-enrollment is supported as of Server Suite 2015.1 (DirectControl 5.2.3). Centrify DirectControl agents themselves do not need certificate since they use Kerberos.
If a migration away from SHA-1 is planned, DirectControl agents (5.2.2 and older) should not be affected as long as features which depend on machine or user certificate are not used. Features which require certificates include the following: LDAPS, SmartCards, DirectSecure, WiFi profiles (Mac), and Ethernet profiles (Mac). If any of the above features are needed with SHA-2 signed certificates, DirectControl needs to be upgraded to 5.2.3 or later.