How To Change The Zentyal Certificate Algorithm From SHA-1 To SHA256

How To Change The Zentyal Certificate Algorithm From SHA-1 To SHA256

Get Social!

logo-zentyal-blackAs of Zentyal version 4.2 the bundled certificate authority (CA) module is creating signed certificates using the SHA-1 algorithm which is an old algorithm and pretty much deprecated.

Google Chrome, for example, will give a warning when accessing any SSL page that’s encrypted stating that your connection is not secure.

SSL Certificates created now should, as a minimum, use the the SHA256 algorithm to ensure encrypted connections are kept private. To change Zentyal to use the SHA256 algorithm, you’ll need to make a small edit to your openssl.cnf file.

vi /var/lib/zentyal/conf/openssl.cnf

And look for default_md within the file. It will currently show as sha1 like below:

default_md = sha1

Edit the value and enter sha256.

default_md = sha256

You’ll then need to log into the Zentyal Admin site and revoke and re-issue all of your sha1 certificates.

I’ve submitted a pull request on Github to have the default changed for new installations.


Visit our advertisers

Quick Poll

How often do you change the password for the computer(s) you use?

Visit our advertisers