Tech Tip : Does Release automation use a SHA - 1  depreciated signed certificates for communication between RA server and internet browser

Document created by DirkBleyenberg Employee on Nov 30, 2016
Version 1Show Document
  • View in full screen mode

Question

Does Release automation use a SHA - 1  signed certificates for communication between RA server and internet browser.

Starting early 2017 several browsers like Microsoft internet explorer, Firefox , Chrome and Mozilla  will deprecate the support for SHA -1 signed certificates for HTTPS / SSL communication and will block the connection to these websites as they are considered not secure anymore.

 

 

Environment

Release automation server 5.x and 6.x

 

Answer

If you are using a SHA -1 signed certificate for your RA webserver depends on how you configured your  Release Automation server.

When you are using the secure communication ( HTTPS )  between internet browser and RA server and use the default nolio self signed certificates

installed during the installation , you have a SHA - 1 signed certificate in place wich needs to be updated .

If you have already setup you own certificate from a  Certificate authority or generated your own selfsigned certificate you have to verify the certificate .

In most browsers you can  click on the padlock symbol to display the certificate information. Expand to show certificate details and check the Signature Algorithm. Also make sure you click on the intermediate certificate to check if this is SHA-1 signed certificate or not .

As a best practice we always advice to replace the default nolio certificate for your own certificate .

You can install your own selfsigned certificate using the procedure "Secure UI Communication"  from the Release automation installation guide

https://docops.ca.com/ca-release-automation/6-2/en/installation/ca-release-automation-communications-security/secure-communications

 

 

 

Additional Information

Starting with RA 6.3 we will update the default nolio certificate which is installed during the initial installation to be SHA-256 signed certificate .

Attachments

    Outcomes