Thanks for the clarification. From: [email protected] [mailto:[email protected]] On Behalf Of Jason Sandys Sent: Tuesday, January 26, 2016 4:23 PM To: [email protected] Subject: [mssms] RE: ConfigMgr certs / SHA-2
Two different things. Cert template types != hash algorithm used by certs. Version 2 Cert templates support SHA-2 algorithms no problem. Correct with the v3 cert templates, the client agent will not try to use them - it will see them an ignore them. >From memory, the only issue today are AMT/vPRO certs which only support SHA-1 >but that set of functionality is deprecated in ConfigMgr anyway so it's not >really an issue. J From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Beardsley, James Sent: Tuesday, January 26, 2016 3:09 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] ConfigMgr certs / SHA-2 Due to the Jan 2017 date in which Windows will no longer trust SHA-1 certificates, we're building a new CA that is SHA-2. I noticed that on TechNet, it still says that we must use 2003 compatibility (version 2) for all ConfigMgr related certs. How is this going to work later on down the road when SHA-1 certificates are no longer supported? And what would happen if we built a Workstation Certificate that was version 3? Does it just flat out not work? Certainly, at some point, I would think SHA-2 certs will be supported. https://technet.microsoft.com/en-us/library/gg699362.aspx Thanks, James Beardsley | Firm Technology Group Dixon Hughes Goodman LLP [cid:8644FC49-D5C9-45AE-B387-04FAFC0CC7A5]<http://www.dhgllp.com/> ________________________________ Confidentiality Notice: This e-mail is intended only for the addressee named above. It contains information that is privileged, confidential or otherwise protected from use and disclosure. If you are not the intended recipient, you are hereby notified that any review, disclosure, copying, or dissemination of this transmission, or taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please reply to the sender listed above immediately and permanently delete this message from your inbox. Thank you for your cooperation. ________________________________ Confidentiality Notice: This e-mail is intended only for the addressee named above. It contains information that is privileged, confidential or otherwise protected from use and disclosure. If you are not the intended recipient, you are hereby notified that any review, disclosure, copying, or dissemination of this transmission, or taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please reply to the sender listed above immediately and permanently delete this message from your inbox. Thank you for your cooperation.
