Hi Michael,

One quick follow-up on this. My client is the one who controls the SSL for the site, so there would likely be some delay between generating the new CSR and installing the SHA-2 cert. If I proceed as you suggest by temporarily removing the /certs folder for the site to generate the SHA256 CSR, can I restore the old certs directory while I wait for the new certificate to arrive from my client? Or is there something that changes in the configuration of the SSL that would prevent me from using the SHA-1 certificate after generating an SHA256 CSR?

Thanks for your help!

--
Matt James
RainStorm, Inc <http://rainstorminc.com/>
(207) 866-3908 x54

> On Nov 21, 2014, at 10:48 PM, Michael Stauber <mstau...@blueonyx.it> wrote:
>
> Hi Matt,
>
>> I'm about to issue a few CSRs from our servers that need to be SHA-2
>> compatible (assuming that's the right language to describe it). Is
>> there anything special that I need to do? I have both 5107R and
>> 5106R servers that this would be executed on.
>
> Make sure you're fully YUM updated. Then go into the directory
> /home/sites/www.site.com/certs and move everything in there to a safe
> place. Or rename the whole "certs" directory of that Vsite to
> "certs.bak" and then make sure the new "certs" directory is empty.
>
> Then create the signing request. If no key or old certificate is present
> in the directory, then the new cert will no longer use SHA-1 but the
> stronger SHA256 hashing algorithm.
>
> This was added to all BlueOnyx versions about two months ago.
>
> Example for 5106R:
> http://devel.blueonyx.it/trac/changeset/1661/BlueOnyx/ui/base-ssl.mod
>
> --
> With best regards
>
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
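
One way to check which hash a CSR was signed with, and which private key a CSR or certificate belongs to, before sending the request off or restoring anything from "certs.bak". This is an added example, not part of the original thread and not BlueOnyx code; it uses the stock openssl CLI, and the file names (old.key, new.key, new.csr) are constructed stand-ins that assume the new CSR is generated together with a new key.

```sh
#!/bin/sh
# Added example, not BlueOnyx code. All file names below are constructed.

# Print the signature algorithm of a PEM CSR (kind=req) or certificate (kind=x509).
sig_alg() {
    openssl "$1" -in "$2" -noout -text 2>/dev/null |
        awk -F': *' '/Signature Algorithm/ { print $2; exit }'
}

# Print the public key carried by a CSR, certificate or private key (kind=pkey).
pubkey_of() {
    case "$1" in
        pkey) openssl pkey -in "$2" -pubout 2>/dev/null ;;
        *)    openssl "$1" -in "$2" -noout -pubkey 2>/dev/null ;;
    esac
}

# Succeed only when both files carry the same public key.
same_key() {
    a=$(pubkey_of "$1" "$2") || return 1
    b=$(pubkey_of "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample data: a stand-in for the old key kept in certs.bak and
# a fresh key plus SHA256 CSR as the new certs directory would hold them.
make_samples() {
    d=$1
    openssl genrsa -out "$d/old.key" 2048 2>/dev/null &&
    openssl genrsa -out "$d/new.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$d/new.key" \
        -subj "/CN=www.site.com" -out "$d/new.csr" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) && make_samples "$tmp" || return 1
    echo "CSR signature algorithm: $(sig_alg req "$tmp/new.csr")"
    same_key req "$tmp/new.csr" pkey "$tmp/new.key" && echo "CSR matches new.key"
    same_key req "$tmp/new.csr" pkey "$tmp/old.key" || echo "CSR does not match old.key"
    rm -rf "$tmp"
}
demo
```

A certificate only works with the private key whose public half it carries, so `same_key x509 <cert> pkey <key>` shows which key file an issued certificate has to be installed with. The hash on the issued certificate is chosen by the issuing CA, so run `sig_alg x509 <cert>` on it when it arrives as well.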