For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dean_01_141460's avatar
Dean_01_141460
Icon for Nimbostratus rankNimbostratus
Apr 17, 2014

Network Solutions ssl csr with F5 11.5.1

We have purchased our certs from Network Solutions in the past and we recently upgraded to 11.5.1. When I go to post the csr into Network Solutions form I get a error stating "The CSR provided uses a...
application delivery
clientssl
deployment
LTM
security
Mike_Maher's avatar
Mike_Maher
Icon for Nimbostratus rankNimbostratus
Apr 21, 2014

Honestly you should be wanting to move your signing algorithms to SHA2 anyway. Microsoft has already announced that deprecation date for SHA1 as 1/1/2016 and that by 1/1/2017 Windows will not accept any SHA1 signed certificates.

 

http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx

 

Also you can reference this NIST guidance for moving forward as well. If you want to take the time to read through it :)

 

http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf

 

Personally I would questions your CA as to why they will not allow you to use a more secure algorithm. I can understand allowing for you as the customer to choose to issue at SHA1 for compatibility issues, but not even allowing SHA2 as a choice seems like a bad decision to me. I am currently issuing everything as SHA2 unless there is a technical limitation on a server that requires SHA1.