Forum Discussion
kridsana_52318
Apr 24, 2015Nimbostratus
F5 dual-certificate deployment to fix SHA-1 Deprecate issue
Hi
From this information SHA-1 Deprecate >> link from qualys
My customer sha-1 certificate is mark as insecure already. (He using APM and certificate expire on 2018)
If we renew certi...
nitass_89166
Noctilucent
i do see ivan mentioned apache uses two key types to support sha1 and sha256. can you also do that? it is supported since 11.5.0.
Ivan Ristic Oct 20, 2014 1:48 AM (in response to BRYAN S.G.)
Bryan, here are two pages from my book, Bulletproof SSL and TLS, that show how to use multiple keys with Apache: http://blog.ivanristic.com/downloads/bulletproof-ssl-and-tls_configuring-multiple-keys.pdf
Because this feature wasn't intended to be used to with around SHA1 issues, you can't have two RSA certificates, one with SHA1 and the other with SHA256. So you'd have to use RSA/SHA1 and ECDSA/SHA256.
sol15062: Associating multiple SSL certificate/key pair types with an SSL profile
https://support.f5.com/kb/en-us/solutions/public/15000/000/sol15062.htmlkridsana
Apr 27, 2015Cirrocumulus
So I need to add new certificate/key pair which use SHA256 in Key exchange mechanism into Client SSL profile .
And change cipher suit to ex. DEFAULT:SHA256 , something like that, Am I right?
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects