SHA1证书弃用的影响 [英] Impact of SHA1 Certificate Deprecation

问题描述

我目前正在开发在嵌入式WiFi无线电上使用EAP-TLS身份验证的环境中。在该无线电上，我们加载了多个用于身份验证的证书（客户端证书，客户端的私钥文件和根CA证书）。我最近遇到过 Windows博客文章
和其他一些有关SHA1哈希算法弃用证书签名的帖子。

I am currently developing in an environment where EAP-TLS authentication is being used on an embedded WiFi radio. On that radio, we load multiple certificates for authentication (a client certificate, a private key file for the client, and a root CA certificate). I have recently come across this Windows Blog post and a few other posts about the deprecation of the SHA1 hash algorithm for certificate signing.

我的主要问题/关注点是我使用的是不支持使用任何比SHA1更强大的证书（根本不支持SHA2），我想知道EAP-TLS和其他802.1X方法是否会因向SHA2的转换而受到影响。 CA（如果客户创建了自己的根CA，或者如果我的客户使用第三方根CA，则是中级CA）是否仍可以颁发SHA1证书，或者也将其停止？

My main question/concern is that the radio that I am using does not support the use of any certificates stronger than SHA1 (no SHA2 support at all) and I wanted to know if EAP-TLS and other 802.1X methods are going to be affected by this shift to SHA2. Will CAs (either the Root CA if the customer created their own or the Intermediate CA, in the case that my customers use a third party Root CA) be able to issue SHA1 certificates still or will that be stopped as well?

感谢您对此问题的任何帮助和支持。

I appreciate any help and support regarding this issue.

推荐答案

SHA1的弃用政策Microsoft产品仅影响由受信任的根计划的成员颁发的证书。 SHA1将继续适用于由私人CA颁发的证书： http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-sha1-certificates.aspx

SHA1 deprecation policy in Microsoft products affects only certificates issued by members of Trusted Root Program. SHA1 will continue to work for certificates issued by private CAs: http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-sha1-certificates.aspx

这篇关于SHA1证书弃用的影响的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！