Tuesday, September 29, 2015

SHA1 Self Signed Certificates in IIS

If you have ever created a Self Signed Certificate in IIS (or with SelfSSL7), you may discover that the certificate you created only supports SHA1!


However, as you may well know, SHA1 is being deprecated in favor of SHA256 certificates (http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx), and if you are using an SHA1 SSL certificate, you may get a browser warning.





Therefore, in order to avoid using an SHA1 SSL Certificate, you will have to resort to setting up your own hosted Windows Certificate Services which supports SHA256 SSL Certificates.

If you want Windows to support Self Signed SHA256 SSL Certificates, then you should vote for this UserVoice item: https://windowsserver.uservoice.com/forums/310252-iis-and-web-server-role/suggestions/9979233-provide-support-for-sha256-self-signed-certificate
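
To find out which certificates on a server are affected, the following added example (not part of the original post) lists the certificates in the local machine's Personal store whose signature uses SHA1 and marks the self-signed ones. The function name `Get-Sha1SignedCertificate` is hypothetical, and the default store path assumes the IIS certificates were created in the Personal store.

```powershell
# Signature algorithm OIDs that use SHA1.
# OIDs are matched instead of friendly names because friendly names can be localized.
$sha1Oids = @{
    '1.2.840.113549.1.1.5' = 'sha1RSA'
    '1.3.14.3.2.29'        = 'sha1RSA (legacy OID)'
    '1.2.840.10040.4.3'    = 'sha1DSA'
    '1.2.840.10045.4.1'    = 'sha1ECDSA'
}

# Hypothetical helper name (added example, not from the original post).
function Get-Sha1SignedCertificate {
    param(
        # Store to audit; assumed default is the local machine's Personal store.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    Get-ChildItem -Path $StorePath |
        Where-Object { $sha1Oids.ContainsKey($_.SignatureAlgorithm.Value) } |
        ForEach-Object {
            [pscustomobject]@{
                Subject            = $_.Subject
                Thumbprint         = $_.Thumbprint
                SignatureAlgorithm = $sha1Oids[$_.SignatureAlgorithm.Value]
                # Subject equal to Issuer is the usual sign of a self-signed certificate.
                SelfSigned         = ($_.Subject -eq $_.Issuer)
                NotAfter           = $_.NotAfter
            }
        }
}

# Report the SHA1-signed certificates, soonest expiry first.
Get-Sha1SignedCertificate | Sort-Object NotAfter | Format-Table -AutoSize
```

Run it from an elevated PowerShell 3.0 or later session on the IIS server; an empty result means no certificate in that store is signed with SHA1.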




