SSL SHA2

[Janko1000]

Is it possible to change to SHA2?
Chrome and other browsers will warn visitors!
SHA1 is obsolet.

 

[UFHH01]

Sure, Janko1000,

please use the integrated openssl tools from Linux and see the manual pages, and/or try the command:

openssl --help​

 

[Janko1000]

Yea, i know i can use direct Linux Commands. But what should the customer use?

 

[UFHH01]

You can give each customer ssh - access in a chroot environment with restricted rights to /usr/bin/openssl

 

[Janko1000]

That's not really practical in real Life.
Most Customers have not much KnowHow.....

 

[UFHH01]

Well, sorry to say that, but most administrators provide FAQs / a wiki / or a Knowledgebase for their customers. You could write a short how-To / tutorial and inform your customer per eMail about it as well. There are as well some online generators, which you can link to, or provide your own ssl - creation - script on your buisness - domain.

The browser warning is just a warning--- nothing else. All SHA1 certificates valid untill 2016 are secure and will just be defined as "weak", but still do, what they are supposed to do.


Online generator - link example: https://www.ssl247.co.uk/support/tools/openssl-csr-wizard

Qualys Inc informations: https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know