Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-6025: SHA-2 Certificate Support

27 January,16 at 08:38 PM

Applies to: 

All supported versions of Centrify DirectControl on all supported platforms. 

Question:

Is SHA-2 supported by Centrify DirectControl?


Answer:

SHA-2 for signing the Certificate Signing Request (CSR) in certificate auto-enrollment is supported as of Server Suite 2015.1 (DirectControl 5.2.3). Centrify DirectControl agents themselves do not need certificate since they use Kerberos.
               
If a migration away from SHA-1 is planned, DirectControl agents (5.2.2 and older) should not be affected as long as features which depend on machine or user certificate are not used. Features which require certificates include the following: LDAPS, SmartCards, DirectSecure, WiFi profiles (Mac), and Ethernet profiles (Mac).
If any of the above features are needed with SHA-2 signed certificates, DirectControl needs to be upgraded to 5.2.3 or later.
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-6180: Troubleshooting SSH Connection Problems Preauth articleCentrify® Cloud 16.5 Release Notes articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-7393: How to configure the updated 2016.1 DirectControl agent to support MFA over HTTPS to the Cloud Connector articleKB-3415: How to enable Smart Card logon support on RedHat environments articleKB-7155: Does DirectSecure supports X.509 v3 certificate type? articleKB-2844: Cloud Proxy unable to establish connection. Error: Certificate cannot not be verified articleWhen using a Smart card on Linux, and getting “This certificate (or its chain) is not valid" articleKB-5275: How to capture network traffic from iOS devices using Fiddler