Forum Discussion
SHA-2 issues in client SSL profile
Hi Akhtar,
The issue is with the OS or browser. Clients such as Windows XP SP2 are unable to verify such certificates. One way to figure it out is: let the client connect to a VS with a SHA1 cert. Check the User-Agent string. If it's a good browser (it supports SHA256 certs), redirect it to a different VS with a SHA256 cert; otherwise just balance the request or send an error message.
This does not work properly if the users are connecting through a proxy.
So I suggest determining whether the browser making the request supports it or not. As far as I know, IE running on XP with SP3 will support the SHA2 certificates (not SNI data).
So you would need to terminate the non-supported browsers with a weaker certificate and then present the client with an alternate page that gives the option to click through if they confirm that SP3 is installed, or something along those lines.
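The approach described in the reply above, written as an iRule. This is an added example, not code from the original thread. It assumes the rule is attached to the virtual server that presents the SHA-1 certificate, and `sha256.example.com` is a hypothetical hostname for the virtual server that presents the SHA-256 certificate.

```tcl
# Added example: attach to the VS whose client SSL profile uses the SHA-1 cert.
when HTTP_REQUEST {
    # Hypothetical hostname of the VS that presents the SHA-256 certificate.
    set sha2_host "sha256.example.com"

    set ua [HTTP::header value "User-Agent"]

    # No User-Agent at all: nothing to classify, so keep the request on this
    # VS and let it be load balanced as usual.
    if { $ua eq "" } {
        return
    }

    # "Windows NT 5.1" is the User-Agent token for Windows XP. The service
    # pack level is not reliably visible in the header, so SP2 and SP3 cannot
    # be told apart here. XP clients therefore get a click-through page
    # instead of an automatic redirect.
    if { [string match -nocase "*windows nt 5.1*" $ua] } {
        # The link targets the root of the SHA-256 VS rather than echoing the
        # request URI, so no client-supplied data is reflected into the HTML.
        HTTP::respond 200 content "<html><body>
<p>This site is moving to a SHA-256 certificate, which Windows XP can only
verify with Service Pack 3 installed.</p>
<p>If SP3 is installed, <a href='https://${sha2_host}/'>continue to the
SHA-256 site</a>.</p>
</body></html>" "Content-Type" "text/html" "Cache-Control" "no-store"
        return
    }

    # Everything else is treated as SHA-256 capable (an assumption; extend the
    # match above for other legacy clients you see in your own logs).
    HTTP::redirect "https://${sha2_host}[HTTP::uri]"
}
```

Clients behind a proxy that rewrites or strips the User-Agent header will be classified by the proxy's value, which is the limitation the reply points out.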