Forum Discussion
nitass_89166
Noctilucent
i do see ivan mentioned apache uses two key types to support sha1 and sha256. can you also do that? it is supported since 11.5.0.
Ivan Ristic Oct 20, 2014 1:48 AM (in response to BRYAN S.G.)
Bryan, here are two pages from my book, Bulletproof SSL and TLS, that show how to use multiple keys with Apache: http://blog.ivanristic.com/downloads/bulletproof-ssl-and-tls_configuring-multiple-keys.pdf
Because this feature wasn't intended to be used to with around SHA1 issues, you can't have two RSA certificates, one with SHA1 and the other with SHA256. So you'd have to use RSA/SHA1 and ECDSA/SHA256.
sol15062: Associating multiple SSL certificate/key pair types with an SSL profile
https://support.f5.com/kb/en-us/solutions/public/15000/000/sol15062.htmlkridsana
Apr 27, 2015Cirrocumulus
So I need to add new certificate/key pair which use SHA256 in Key exchange mechanism into Client SSL profile .
And change cipher suit to ex. DEFAULT:SHA256 , something like that, Am I right?