Hash Algorithms

RSASSA-PSS – Why Your Certificate Can’t Be Validated

A common theme has been arriving in my email box lately as well as in many online forums. People are consistently reporting errors with certificates issued by their internal Microsoft ADCS-based CAs. Problems span Apple devices, Firefox, appliances and many other systems. When people examine their certificates they see that their certificates are SHA…


Certificate Template Request Hash – The Real Story

With a lot of focus on moving from SHA1 to SHA256, one question that I get a lot is how to get certificates issued with SHA256. The short answer is that a CA signs everything it creates with a single hash signature algorithm. There is no mechanism that enables per-template signature hash specification. So…


Goodbye MD5 – Sooner Than You Think!

If you recall, last year Microsoft took a small step to increase the security of enterprises by following industry standards holding that weaker/shorter key lengths were no longer viable for production use. Microsoft did this with KB 2661254, which prevented Windows operating systems from validating certificates with key lengths shorter than 1024. Recently, Microsoft announced Security Advisory…
