In a recent vulnerability scan we found that McAfee ePO reports the following:
SHA-1-based Signature in TLS/SSL Server X.509 Certificate
SSL certificate is signed with SHA1withRSA. Stop using Sha-1
Talking to McAfee support, they told me that SHA-1 is the default and the only way to move to SHA-2 or greater is to reinstall the server using FIPS mode. Obviously this is a great amount of work, so I wanted to see if anyone else has had to deal with this or can confirm what I am being told.
Has the status of this changed any? Is SHA-2 still only supported in FIPS mode? The reason I ask is because I'm having trouble importing a new certificate, which is obviously SHA-2. ePO has been the first application we've had that hasn't liked the cert.