Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Generate sha256 webserver certs instead of sha1 #2842

Closed
ketan opened this issue Nov 8, 2016 · 1 comment

Comments

Projects
None yet
1 participant
@ketan
Copy link
Member

commented Nov 8, 2016

Issue Type
  • Feature enhancement
Summary

Sha1 certs are being deprecated in a few months from now. GoCD must now generate sha256 certs instead.

ketan added a commit to ketan/gocd that referenced this issue Nov 23, 2016

ketan added a commit to ketan/gocd that referenced this issue Nov 23, 2016

ketan added a commit to ketan/gocd that referenced this issue Nov 23, 2016

ketan added a commit to ketan/gocd that referenced this issue Nov 23, 2016

ketan added a commit to ketan/gocd that referenced this issue Nov 23, 2016

ketan added a commit to ketan/gocd that referenced this issue Nov 23, 2016

ketan added a commit to ketan/gocd that referenced this issue Nov 23, 2016

zabil added a commit that referenced this issue Nov 25, 2016

Generate SHA-256 webserver certs instead of SHA1 (#2842) (#2887)
* Generate SHA-256 webserver certs instead of SHA1 (#2842)

* Generate the webserver cert or the agent CA cert chain as needed (#2842)

* Allow configuring the signature algorithm via a system property (#2842)

@ketan ketan added this to the Release 16.12 milestone Nov 25, 2016

@ketan ketan closed this Nov 25, 2016

@ketan

This comment has been minimized.

Copy link
Member Author

commented Dec 12, 2016

The self-signed web-server certificate that GoCD generates is now a SHA-256 certificate instead of a SHA-1 certificate. SHA1 certificates have been deprecated by most browser vendors and users will start to see a warning in their browsers.

Any new installations of GoCD will generate a SHA-256 certificate. For existing installations, users should remove the file config/keystore to allow GoCD to regenerate a new server certificate. Depending on your end-to-end transport security settings you may need to configure the -rootCertFile argument to the GoCD agent.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.