How To Change The Zentyal Certificate Algorithm From SHA-1 To SHA256
As of Zentyal version 4.2, the bundled certificate authority (CA) module signs certificates using SHA-1, an old algorithm that is pretty much deprecated.
Google Chrome, for example, warns that your connection is not secure when you access any SSL-encrypted page served with such a certificate.
SSL certificates created now should, as a minimum, use the SHA256 algorithm to ensure encrypted connections are kept private. To change Zentyal to use the SHA256 algorithm, you'll need to make a small edit to your openssl.cnf file.
vi /var/lib/zentyal/conf/openssl.cnf
And look for default_md within the file. It will currently show as sha1 like below:
default_md = sha1
Edit the value and enter sha256.
default_md = sha256
You’ll then need to log into the Zentyal Admin site and revoke and re-issue all of your sha1 certificates.
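The two checks below are an added example, not part of the original article or of Zentyal: one confirms that no default_md line in the config is still weak, the other lists certificates that are still SHA-1 signed and so need to be revoked and re-issued. The function names and the certificate directory argument are assumptions, and flagging md5 as well as sha1 goes slightly beyond the case described here.

```shell
#!/bin/sh
# Added example: post-change checks for the default_md edit described above.
# Function names are hypothetical; pass your own certificate directory.

# Print "section<TAB>value" for every default_md line in an OpenSSL config.
# Returns 1 if any value is still sha1 (or md5), 0 otherwise.
# A config can set default_md in more than one section, so all are reported.
audit_default_md() {
    awk '
        { sub(/[ \t]*#.*/, "") }                  # strip comments
        /^[ \t]*\[/ {                             # remember the current [ section ]
            sub(/^[ \t]*\[[ \t]*/, ""); sub(/[ \t]*\].*$/, "")
            sec = $0; next
        }
        /^[ \t]*default_md[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print sec "\t" val
            if (tolower(val) ~ /^(sha1|md5)$/) weak = 1
        }
        END { exit weak + 0 }
    ' "$1"
}

# Read `openssl x509 -noout -text` output on stdin.
# Succeeds if the certificate signature algorithm is SHA-1 based.
is_sha1_signed() {
    grep -m1 'Signature Algorithm:' | grep -qi 'sha1'
}

# Print every *.pem / *.crt file under directory $1 that is SHA-1 signed.
list_sha1_certs() {
    find "$1" -type f \( -name '*.pem' -o -name '*.crt' \) |
    while IFS= read -r f; do
        if openssl x509 -in "$f" -noout -text 2>/dev/null | is_sha1_signed; then
            printf '%s\n' "$f"
        fi
    done
}

# Usage:
#   audit_default_md /var/lib/zentyal/conf/openssl.cnf || echo "weak digest still set"
#   list_sha1_certs /path/to/issued/certs
```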
I’ve submitted a pull request on GitHub to have the default changed for new installations.