The default SHA-1 SSL certificates used by Release automation will stop being supported by Microsoft / Google browsers in January 2017

Document created by DirkBleyenberg Employee on Dec 15, 2016
Version 1Show Document
  • View in full screen mode

Problem

The default SHA-1 SSL certificates used by Release automation will stop being supported by Microsoft / Google browsers in January 2017

Starting early 2017 several browsers like Microsoft internet explorer, Firefox , Chrome and Mozilla  will deprecate the support for SHA-1 signed certificates for HTTPS/SSL communication and will block the connection to these websites as they are considered not secure anymore.

 

Environment

Release automation server 5.x and 6.x

Answer

If you are using a SHA-1 signed certificate for your RA webserver depends on how you configured your Release Automation server.

When you are using the secure communication (HTTPS) between internet browser and RA server and use the default nolio self-signed certificates installed during the installation, you have a SHA-1 signed certificate in place which needs to be updated.

If you have already setup you own certificate from a Certificate authority or generated your own self signed certificate you have to verify the certificate.

In most browsers you can click on the padlock symbol to display the certificate information. Expand to show certificate details and check the Signature Algorithm. Also make sure you click on the intermediate certificate to check if this is SHA-1 signed certificate or not.

As a best practice we always advice to replace the default nolio certificate for your own certificate.

You can install your own self signed certificate using the procedure "Secure UI Communication” from the Release automation installation guide

https://docops.ca.com/ca-release-automation/6-2/en/installation/ca-release-automation-communications-security/secure-communications

 

Additional Information

Starting with RA 6.3 we will update the default nolio certificate which is installed during the initial installation to be SHA-256 signed certificate .

3 people found this helpful

Attachments

    Outcomes