Follow

Update OpenVPN certificates from MD5 to SHA1


Welcome to Ecessa Support, we have a variety of technical information and tools for a variety of solutions. If you aren't finding a solution, or would like to talk to a technical support team member, please call 800-669-6242.

See Ecessa's full line of products and solutions

OpenVPN will remove support for MD5 certificates at the end of April 2018.  Self Signed Certificate Authorities created on Ecessa devices prior to version 10.7.4 use MD5 certificates and will need to be upgraded.  A new Self Signed Certificate Authority, created on version 10.7.4 or newer, will use SHA1 by default.

Version 10.7.4 has not been released yet.  It is expected to be released the week of April 16th, 2018.  When released the version will be listed on the Release Notes page.

How to upgrade:

- Upgrade Ecessa device to version 10.7.4 or newer.

- Use the CLI command certificate self-ca modify name [NAME] msg-digest sha1 replacing [NAME] with the name of the Certificate Authority.  After entering the command use commit save to apply and save the change.

- Renew the client certificates, which will now use SHA1, and distribute the updated certificates to clients.

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.