Follow

Update OpenVPN certificates from MD5 to SHA1


Welcome to Ecessa Support, we have a variety of technical information and tools for a variety of solutions. If you aren't finding a solution, or would like to talk to a technical support team member, please call 800-669-6242.
Please note that as of Jan 3rd, 2025, support tickets will be handled by OneNet Global Support team. Please see OneNet Global Support Portal - End User Instructions for guided information on how to use the OneNet Global ticketing system.

See Ecessa's full line of products and solutions

OpenVPN will remove support for MD5 certificates at the end of April 2018.  Self Signed Certificate Authorities created on Ecessa devices prior to version 10.7.4 use MD5 certificates and will need to be upgraded.  A new Self Signed Certificate Authority, created on version 10.7.4 or newer, will use SHA1 by default.

How to upgrade:

- Upgrade Ecessa device to version 10.7.4 or newer.

- Use the CLI command certificate self-ca modify name [NAME] msg-digest sha1 replacing [NAME] with the name of the Certificate Authority.  After entering the command use commit save to apply and save the change.

- Renew the client certificates, which will now use SHA1, and distribute the updated certificates to clients.

 

Was this article helpful?
0 out of 0 found this helpful

0 Comments

Article is closed for comments.