How To Change The Zentyal Certificate Algorithm From SHA-1 To SHA256

As of Zentyal version 4.2 the bundled certificate authority (CA) module is creating signed certificates using the SHA-1 algorithm which is an old algorithm and pretty much deprecated.

Google Chrome, for example, will give a warning when accessing any SSL page that’s encrypted stating that your connection is not secure.

SSL Certificates created now should, as a minimum, use the the SHA256 algorithm to ensure encrypted connections are kept private. To change Zentyal to use the SHA256 algorithm, you’ll need to make a small edit to your openssl.cnf file.

default_md = sha1

Edit the value and enter sha256.

default_md = sha256

You’ll then need to log into the Zentyal Admin site and revoke and re-issue all of your sha1 certificates.

Credit: James Coyle

Leave a Reply