Signature algorithm SHA1 is being deprecated

Avatar
expand collapsive

I have come across a thread which states that the signature algorithm SHA-1 is being deprecated. Is this true?

All Replies

  • Avatar

    Akachi

    Participant

    Akachi

    Participant

    I have read an article too which talked about the same. It seems that that the certificates with the SHA-1 hashing algorithm are not secure and can be easily be exploited by attackers.

  • Avatar

    Finley

    Participant

    Finley

    Participant

    I guess it’ll be better to replace all your certificates using SHA-1 algorithm with better alternatives as it could lead to security issues.

  • Avatar

    Isabis

    Participant

    Isabis

    Participant

    I had been trying to get the details of the already deployed certificates from the Hexnode portal but I was not able to find out the Algorithm used in the certificates.

  • Avatar

    Akachi

    Participant

    Akachi

    Participant

    Can you try checking the policy with which the certificate has been associated? I think you will be able to find an option to view the certificate details.

  • Avatar

    Isabis

    Participant

    Isabis

    Participant

    I did try checking that option inside polices, but I could only find the name of the issuer and the expiry date of the certificate. Can you help me how to find the signature algorithm for my certificates?

  • Chris Coleman

    Chris Coleman

    Hexnode

    Chris Coleman

    Moderator

    Hi Isabis,

    Thank you for reaching out to us!

    I’d like to bring to your notice that deprecation for SHA1withRSA signature algorithm for certificate-based authentication has been announced by different organizations in the past few years due to its security vulnerabilities. Using the SHA-1 algorithm in your certificates can make it vulnerable to spoofing, phishing and man-in-the-middle attacks.

    You cannot check the signature algorithm of the certificates from the Hexnode portal. However, you can manually check your certificates from your device (preferably laptops or PCs) for the type of algorithm used in them by following the given instructions:

    1. Find the location of the certificate on your device.
    2. Click on the certificate to view the certificate information.
    3. Click on the details dropdown to view the entire details of the certificate.
    4. Inside the certificate details, you will be able to find the signature algorithm used in the certificate.

    Once you’ve found out the certificates having SHA1withRSA signature algorithm, you can replace those certificates with the newer ones from the policies and re-associate the policy to your devices.

    Hope this answers your query.

    Cheers!
    Chris Coleman
    Hexnode UEM

  • Avatar

    Isabis

    Participant

    Isabis

    Participant

    Thank you guys! You guys have been very helpful. I was actually able to figure out the certificates with the older SHA-1 certificates and replace them with the newer ones.