In a recent vulnerability scan we found that McAfee EPO reports the following
SHA-1-based Signature in TLS/SSL Server X.509 Certificate
SSL certificate is signed with SHA1withRSA. Stop using Sha-1
Talking to Mcafee support they told me that Sha-1 is the default and the only way to move to sha-2 or greater is to reinstall the server using FIPS mode. Obviously this is a great amount of work so I wanted to see if anyone else has had to deal with this or can confirm what I am being told.
Has the status of this changed any? Is SHA-2 still only supported in FIPS mode? The reason I ask is because I'm having trouble importing a new certificate, which is obviously SHA-2. ePO has been the first application we've had that hasn't liked the cert.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.