Generate SHA-256 webserver certs instead of SHA1 (gocd#2842)

ketan · Nov 23, 2016 · cba3a9d · cba3a9d
1 parent dd47e08
commit cba3a9d
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/common/src/com/thoughtworks/go/security/X509CertificateGenerator.java b/common/src/com/thoughtworks/go/security/X509CertificateGenerator.java
@@ -47,7 +47,6 @@
 @Component
 public class X509CertificateGenerator {
     private static final int YEARS = 10;
-    private static final String SIGNATURE_ALGORITHM = "SHA1WITHRSA";
     private static final String PASSWORD = "Crui3CertSigningPassword";
     @Deprecated private static final char[] PASSWORD_AS_CHAR_ARRAY = PASSWORD.toCharArray();
     public static final String AGENT_CERT_OU = "Cruise agent certificate";
@@ -97,7 +96,7 @@ private X509Certificate createTypeOneX509Certificate(Date startDate, String prin
         certGen.setNotAfter(now.plusYears(YEARS).toDate());
         certGen.setSubjectDN(principal);                       // note: same as issuer
         certGen.setPublicKey(keyPair.getPublic());
-        certGen.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
+        certGen.setSignatureAlgorithm("SHA512WITHRSA");
 
         try {
             return certGen.generate(keyPair.getPrivate(), "BC");
@@ -269,7 +268,7 @@ public V3X509CertificateGenerator(Date startDate, X509Principal issuerDn, X509Pr
                                           PublicKey publicKey, BigInteger serialNumber) {
             X509V3CertificateGenerator gen = new X509V3CertificateGenerator();
             gen.reset();
-            gen.setSignatureAlgorithm("SHA1WithRSAEncryption");
+            gen.setSignatureAlgorithm("SHA256WithRSAEncryption");
             gen.setNotBefore(startDate);
             DateTime now = new DateTime(new Date());
             gen.setNotAfter(now.plusYears(YEARS).toDate());