
Symantec Encryption Management Server and compatibility with SSL Certificate Signing Requests using SHA-256 signing algorithm


Article ID: 161183


Products

Encryption Management Server

Issue/Introduction

By default, Symantec Encryption Management Server (SEMS) 3.3.x and below used SHA-1 as the signing algorithm for the SSL certificate.

SEMS 3.4.0 and above use SHA-256 by default.

Resolution

Starting with Symantec Encryption Management Server 3.4, the CSRs use SHA-256 by default.

Because all Certificate Authorities allow SHA-256 as the signing algorithm for Certificate Signing Requests generated by Symantec Encryption Management Server, SHA-256 is fully supported on all versions of Symantec Encryption Management Server 3.3.x and above.

Symantec Encryption Management Server is fully compatible with SSL certificates that use SHA-256 as the signing algorithm. Symantec Encryption Management Server 3.3.x does not display an option to use SHA-256 and will not automatically generate the SHA-256 field for the Certificate Signing Request. However, if the Certificate Authority offers SHA-256 as an option when the Certificate Signing Request is submitted, that option can be chosen for the certificate, and the resulting certificate can then be used.

For example, some Certificate Authorities offer a choice of signing algorithm. If SHA-256 is available through the Certificate Authority, selecting it is fully compatible with Symantec Encryption Management Server.
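To confirm which algorithm signed a request or the certificate a Certificate Authority returned, the signature algorithm can be read directly from the file. The following is an added example, not Symantec code: a standard-library parser that works on both CSRs and certificates because they share the same outer layout. All function and variable names are assumptions, and the two sample inputs are constructed with placeholder bodies and signatures.

```python
import base64

# PKCS #1 signature-algorithm OIDs and their usual names.
SIG_ALGS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode the base-128 sub-identifiers of a DER OBJECT IDENTIFIER."""
    subids, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids, value = subids + [value], 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def signature_algorithm(data):
    """Name the algorithm that signed a PEM or DER certificate or CSR."""
    if b"-----BEGIN" in data:
        body = [l for l in data.splitlines() if l and not l.startswith(b"-----")]
        data = base64.b64decode(b"".join(body))
    outer_tag, start, _ = read_tlv(data, 0)         # outer SEQUENCE
    _, _, info_end = read_tlv(data, start)          # tbsCertificate or certificationRequestInfo
    _, alg_start, _ = read_tlv(data, info_end)      # signatureAlgorithm
    oid_tag, oid_start, oid_end = read_tlv(data, alg_start)
    if outer_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not a DER certificate or CSR")
    oid = decode_oid(data[oid_start:oid_end])
    return SIG_ALGS.get(oid, oid)                   # unknown OIDs come back dotted

def constructed_sample(oid_hex):  # constructed input: placeholder body and signature
    tlv = lambda tag, body: bytes([tag]) + (bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])) + body
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    return tlv(0x30, tlv(0x30, b"\x00" * 200) + alg + tlv(0x03, b"\x00" + b"\xaa" * 16))

CSR_FROM_3_3 = constructed_sample("2a864886f70d010105")   # request signed with SHA-1
ISSUED_CERT = constructed_sample("2a864886f70d01010b")    # certificate signed with SHA-256
```

Pass the bytes of a real `.csr`, `.pem` or `.cer` file to `signature_algorithm()` to see whether the issued certificate carries SHA-256 regardless of how the request was signed.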