Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Self-signed certificate generator (PowerShell) SHA-2? RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    The Doc for this script lists only the following Signature Algorithms:

    Currently signature algorithms are limited to: 
        MD5 
        SHA1 
        SHA256 
        SHA384 
        SHA512

    But I found on another forum that

    Trying to access a secure website that only uses SHA-1 encryption.  SHA-1 encrypted websites with certificates valid beyond Jan. 1, 2017 are marked as definitely insecure with Red HTTPS slash.  Such websites need to update their security certs to SHA-2.

    I notice that the script was last updated 9/11/16, which would predate this 1/1/17 change to the SHA-2 requirement.

    Apparently I need to generate a new certificate, but it seems this script will not generate one with the currently-required encryption level. Is there a way to do this? Can I use one of the other supported signature algorithms? Suggestions?

    Thank you very much,

    David Baldwin

    • Moved by Bill_Stewart Wednesday, December 12, 2018 8:19 PM Unanswerable drive-by question
    Tuesday, August 28, 2018 5:58 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Post issues with setting up web sites and SSL certs in the IIS forum. http://forums.iis.net

    If you are talking about accessing public web sites then there is no way to change the client to make the site use a valid SSL cert.

    \_(ツ)_/

    Tuesday, August 28, 2018 6:09 PM