Since my last post about SHA2 and Windows I’ve received numerous questions from customers and partners around three particular scenarios. This post will try to address those questions.
As covered in the previous post, Windows XP Service Pack 3 clients with KB 968730 can enroll SHA2 signed certificates. But looking at the Certificate Templates MMC for a version 2 template, it is not very clear how to configure SHA2. Version 3 templates include an option about hashing algorithms, but Windows XP can’t enroll in version 3 templates (Vista or newer is needed for that). So several customers have asked how to configure XP and 2003 clients to enroll in SHA2 certificates.
The answer is actually very simple. Once a CA is configured with a SHA2 at install, all certificates it issues will use the same hash. The “request hash” setting on Version 3 templates refers to the hash used only in the generation of Certificate Signing Requests (CSR). The CSR is only used during the certificate enrollment process, and a new hash is generated and attached to the final certificate by the CA.
Several customers have expressed a desire to migrate from their old SHA1 PKI hierarchy to a new hierarchy based completely on SHA2. While a full write-up of what is required would take several blog posts, I just wanted to cover a few points that are sometimes overlooked.
There was some concern with the pervious blog post about exactly what scenarios Microsoft officially supports and does not. To be clear, the table at the bottom of the post was intended to share test results, rather than an official support statement (this is why the word “works” not “supported” was used in the table). Our official support statement is contained within KB 968730:
Windows XP SP3 implements and supports the SHA2 hashing algorithms (SHA256, SHA384, and SHA512) in the X.509 certificate validation. The changes in the certificate validation are meant to enable the scenario of the SSL/TLS authentication. Other scenarios that involve certificate validation may not work if you use certificates that are secured by using the SHA2 algorithms if the protocols and the applications do not support the SHA2 hashing algorithms. For example, the S/MIME signed e-mail verification and the Authenticode signature verification do not support the SHA2 hashing algorithms on a computer that is running Windows XP SP3.
That being said, Windows XP and Server 2003 are getting very close to the end of their support lifecycle. At the time of writing, only XP SP3 and 2003 SP2 are supported and only under the terms of Extended Support. Windows XP extended support will end on 4/8/2014. After 4/8/2014 customers will no longer be able to receive support from Microsoft and no new security hotfixes (including those for critical vulnerabilities) will be released for XP/2003. Customers are strongly encouraged to migrate systems to Windows Vista/2008 and newer.
I hope that clears up any questions.
Very useful Adam, thank you!
What about the hash algorithm for signing CRLs? is that configured separately from the one used in certificate signing at install time?
CRLs are signed with the same algorithm that was selected at CA install.
In the scenario of a client with a Windows XP SP3 and KB 968730, can you run a script invoking Xenroll to generate a certificate signing request (PKCS # 10) using SHA-256 as hash algorithm?