问题
I am currently developing in an environment where EAP-TLS authentication is being used on an embedded WiFi radio. On that radio, we load multiple certificates for authentication (a client certificate, a private key file for the client, and a root CA certificate). I have recently come across this Windows Blog post and a few other posts about the deprecation of the SHA1 hash algorithm for certificate signing.
My main question/concern is that the radio that I am using does not support the use of any certificates stronger than SHA1 (no SHA2 support at all) and I wanted to know if EAP-TLS and other 802.1X methods are going to be affected by this shift to SHA2. Will CAs (either the Root CA if the customer created their own or the Intermediate CA, in the case that my customers use a third party Root CA) be able to issue SHA1 certificates still or will that be stopped as well?
I appreciate any help and support regarding this issue.
回答1:
SHA1 deprecation policy in Microsoft products affects only certificates issued by members of Trusted Root Program. SHA1 will continue to work for certificates issued by private CAs: http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-sha1-certificates.aspx
来源:https://stackoverflow.com/questions/40598198/impact-of-sha1-certificate-deprecation