Server Identity on IS servers

Hi,

As part of the SHA-1 to SHA-2 migration, we have 2 partners that are SHA-1 compliant and one partner that is SHA-2 compliant.

So I have SHA-1 and SHA-2 JKS files. Now the SHA-1 partners are using the same port and the SHA-2 partner is using the same port. I can give the SHA-1 and SHA-2 JKS files at port level. But how does it authenticate at run time? And what should I give as the IS server identity, SHA-1 or SHA-2? We communicate with partners for both incoming and outgoing. Please suggest.

If you configure SHA1 and SHA2 keystores and assign them to the same HTTPS port it won't work, as you might need to decide SHA2 or SHA2 unless you have 2 different URLs/ports to support SHA1 and SHA2 based transmissions.

HTH,
RMG

We have different ports and URLs for SHA-1 and SHA-2 partners. But what should we give for the IS identity (IS certificates section)? Will it be SHA-1 or SHA-2?

Just to be clear

  1. SHA-1 or SHA-2 can be configured at port level
  2. If some partners are on SHA-1 and some are on SHA-2, what should we give for the IS server identity, SHA-1 or SHA-2? Or will it not matter, and only the port decides which cert is being used? Please justify.

I believe it will not matter as long as partners and your enterprise handshake with the corresponding SHA1/SHA2 certs; otherwise transmissions will fail with insufficient security errors or something related to the SSL digest.

HTH,
RMG