SHA2 Security update - External System

Hemalatha_Sampath_Kumar · July 31, 2015, 8:35pm

Hi There,

One of our external partners are planning to deprecate the usage of SHA1 certificate signature and they are upgrading to SHA2 version and these are Symantec SSL certificates and these are no way related to the application which are trying to access on their end.

we use “pub.client:http” post method to invoke this partner’s URL using username and password based authentication only and we do not do any certificate based authentication, no certs have been installed for this partner in our system.

Do we have to import the SHA2 certs shared by partner in our trustore ?

I am wondering if their SHA2 certificate signature upgrade would affect our interactions with the partner system in case if we do not import the certs which they shared.

Please share your thoughts.

Thank You !
Hema

Holger_von_Thomsen · August 3, 2015, 9:47am

Hi Hemalatha,

which version of wM are you running on?

Are you connecting to an https url?

Any way:
Make sure you have the latest IS-Core-, SCG-Entrust-, SIN- and SSX-Fixes for your wM-Version applied to your installations.

See also related KB-Article at Empower for disabling SSL v3 due to POODLE-Vulnerability (covered by applying the appropriate IS-Core and SCG-Emtrust-Fixes).

If there are problems after that you should try to open an incident at SAG support for further investigation and assistance.

Regards,
Holger