Hi,
in AWA-Help 12.2
https://docs.automic.com/documentation/webhelp/english/AWA/12.2/DOCU/12.2/AWA%20Guides/help.htm#_Common/Security/Security_Hardening_HTTPS_SSL.htm?Highlight=https
under "Securing Access with HTTPS", in the subchapter "Create a Keystore File for Your Tomcat Installation", it is written that I should use SHA-256 instead of SHA-1:
"….Warning! SHA-1 certificates are considered to be unsafe by modern browsers. Use SHA-256 instead"
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore tomcat-keystore.jks -storepass myTomcatKeystorePassword
Question 1:
- Which parameter of the program keytool do I have to modify or add so that I use SHA-256?
Question 2:
I have adopted the command "%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore tomcat-keystore.jks -storepass myTomcatKeystorePassword. I only changed the password and the Java path. After the creation of the file tomcat-keystore.jks I got the following message in my CLI:
DE:
Der JKS-Keystore verwendet ein proprietäres Format. Es wird empfohlen, auf PKSC12 zu migrieren, das ein Industriestandardformat mit "keytool -importkeystore -srckeystore tomcat-keystore.jks -destkeystore tomcat-keystore.jks -deststoretype pkcs12" ist.
UK/US (my own translation):
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12, which is a default industrial format, with "keytool -importkeystore -srckeystore tomcat-keystore.jks -destkeystore tomcat-keystore.jks -deststoretype pkcs12".
Does this message have anything to do with my first question (Q1: SHA-256 instead of SHA-1)?
- What is PKCS12?
- Are there any security reasons to switch over to PKCS12?
- How do I switch over to pkcs12?
On the same page there is something written about PKCS12, but I should skip this because "...Skip this step if you are using the self-signed certificate created in the previous step.". I skipped it, because I use a self-signed certificate.
Question 3:
Can I see afterwards if I use SHA-256 and PKCS12 (where can I verify it)?
Yours sincerely,
Martin Zeise-Kaucic