

Servers compatibility with SHA256-signed SSL certificates

The SHA256 hash algorithm is used to sign certificates, CSRs and similar objects, and guarantees their uniqueness. It plays no part in the encryption / authentication process itself, but the tools involved (browsers, email clients, servers...) must be able to read this kind of hash during the connection / authentication process.
  • if you install a SHA256 certificate on a client (strong authentication by certificate),
    make sure the client (browser, webservice...) and the servers are compatible,
    even if the server keeps using a SHA1/MD5-signed certificate.

  • if you install a SHA256 certificate on a server then all the clients connecting to it and the server must be SHA256-compatible.
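
To know which case applies before deploying, you can read the hash straight from the signature algorithm field of the certificate or CSR. The following is an added example, not code from this page or its publisher: it relies on certificates and CSRs sharing the same outer ASN.1 layout (signed body, signatureAlgorithm, signature), and the function names and the `SAMPLE` bytes are constructed for illustration.

```python
import base64

# Signature-algorithm OIDs mapped to the hash they sign with.
SIG_HASH = {
    "1.2.840.113549.1.1.4": "MD5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "SHA1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "SHA256",  # sha256WithRSAEncryption
    "1.2.840.10045.4.3.2": "SHA256",    # ecdsa-with-SHA256
}
# Constructed sample with a certificate's outer shape (not a real certificate):
# SEQUENCE { SEQUENCE {INTEGER 0}, SEQUENCE {OID sha256WithRSA, NULL}, BIT STRING }
SAMPLE = bytes.fromhex("3018" "3003020100" "300d06092a864886f70d01010b0500" "030200aa")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode DER OID content bytes into dotted notation."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear: last byte of this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_hash(data):
    """Hash that signed a certificate or CSR, given as PEM or DER bytes."""
    if data.lstrip().startswith(b"-----BEGIN"):
        data = base64.b64decode(b"".join(data.strip().splitlines()[1:-1]))
    outer_tag, start, _ = read_tlv(data, 0)
    _, _, signed_end = read_tlv(data, start)  # skip tbsCertificate / request info
    alg_tag, alg_start, _ = read_tlv(data, signed_end)
    oid_tag, oid_start, oid_end = read_tlv(data, alg_start)
    if (outer_tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not a DER certificate or CSR")
    oid = decode_oid(data[oid_start:oid_end])
    return SIG_HASH.get(oid, "unknown (%s)" % oid)

if __name__ == "__main__":
    print(signature_hash(SAMPLE))
```

Run it over every certificate in the chain: the compatibility requirement applies to each signature the peer has to verify.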

Servers SHA256-compatible

  • Apache server (tested with Apache 2.0.63 and OpenSSL 0.9.7m but for a complete implementation you'll need OpenSSL 0.9.8o+).
  • Windows Server 2008+
  • Windows Vista
  • Windows 7
  • Windows Server 2003 with patch 938397
  • Windows Server 2003 or XP client with patch 968730
  • Oracle WebLogic from version 10.3.1, see bug8422724
  • Oracle Wallet Manager 11.2.0.1+
  • IBM HTTP Server with GSKit 7.0.4.14 or higher
  • Websphere with GSKit 8 or higher
  • Java servers: JDK 1.4.2+
  • Citrix Netscaler 9.3+
  • Citrix Access Gateway v5.0.4+
  • Citrix Secure Gateway 3.3+
  • 4D server 14.01+
  • Amazon Web Services (AWS)
  • Barracuda Network Access Client 3.5+
  • CrushFTP 7.1.0+
  • F5 BIG-IP 10.1.0+
  • WebSphere MQ 7.0.1.4+
  • SonicOS (SonicWall) 5.9.0.0+
  • Products based on OpenSSL 0.9.8o+
  • Products based on Mozilla NSS 3.8+
  • IBM z/OS v1r10+
  • IBM Domino 9+ (bundled with HTTP 8.5+)
  • IBM HTTP (bundled with Domino 9+)
  • Cisco ASA 5500 8.2.3.9+ for AnyConnect VPN Sessions
  • Cisco ASA 5500 8.4+ for other functionalities
  • Cisco ACE30 load balancer handles SHA-256 certificates from software version A4 (1.0)
    (tested at OVH with software version A5 (2.2)).
Doc of reference:

Servers not SHA256-compatible

  • Citrix Secure Gateway 3.2 or lower
  • Citrix Access Gateway
  • Citrix Access Essentials version 3
  • Juniper SBR
  • Citrix Receiver models
  • Blackberry 2.2 / BlackBerry 1.0 Tech Preview
  • Cisco ACE module software versions A2 and A3
  • Windows Server 2003 on which the patch 938397 allowing SHA256 support has not been installed
    See http://support.microsoft.com/kb/938397
  • Windows 2000
