Univention Corporate Server (UCS) » SSL certificates

ID #1248

How can the hash function for SSL certificates be upgraded from md5 to sha?

In UCS versions before 2.3, the md5 hash function was used for SSL certificates; as of UCS 2.3, the sha1 hash procedure is used for new installations. UCS systems updated from earlier versions continue to employ md5 for hashing. To change the hash function over to sha1 at a later point in time, the following Univention Configuration Registry variable must be set:

ucr set ssl/default/hashfunction=sha1


Since UCS 4, the sha1 hash function is deprecated and sha256 is used for new installations - you can adjust the default:

ucr set ssl/default/hashfunction=sha256


The complete certificate authority (CA) must then be regenerated, including the UCS root CA certificate. The following SDB article describes the process: Renewing the complete SSL chain

Tags: UCS 2, UCS 3, UCS 4

Related entries:

Last update: 2015-06-17 16:44
Author: Moritz Mühlenhoff
Revision: 1.3

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 0 (0 Votes)

completely useless 1 2 3 4 5 most valuable

You cannot comment on this entry