For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Danish202_17040's avatar
Danish202_17040
Icon for Nimbostratus rankNimbostratus
Jan 07, 2015

Hash Algorithm upgradation..Want to upgraded SHA1 certificate.

Hash Algorithm upgradation..Want to upgrade SHA1 certificate.   Can anyone suggest me 1. Points to consider before SHA1 certificate upgradation . 2. If SSL offloading(SSL termination) is configure...
Chase_Abbott's avatar
Chase_Abbott
Icon for Admin rankAdmin
Jan 07, 2015

You're updating an existing SHA1 cert to SHA2? Shouldn't be an issue. Scenarios:

 

  1. You're reissuing the certificate and reusing the CSR/Key. A. Export the Key and upload the new cert/key pair B. You probably will receive a new CA Chain. Make sure to upload that as well. The new Entrust SHA2 chain is 3 certs long with the offline root being a SHA1.

     

  2. You're receiving a new PFX file. A. Just import and boom, you're done. It may or may not contain the CA chain but I would recommend uploading the chain separately.

     

If you're terminating SSL, no issue there either. Termination or bridging, BigIP will support old and new methods for testing. Validate the ciphers being used against your version of BigIP; here's 11.x.