Return
-
Title
CVE-2004-2761 SSL Certificate Signed Using Weak Hashing Algorithm -
Description
A vulnerability scan shows CVE-2004-2761 SSL Certificate Signed Using Weak Hashing Algorithm for HTTPS on the TPAM console appliance.
Are SHA2 SHA-256 signed certificates supported by TPAM? -
Resolution
This is an issue with the installed web certificate rather than TPAM.
The Certificate Authority (CA) that supplied the certificate controls the algorithm used for signing certificates. The CA should be configured to provide SHA-256 certificates. If using an internal Microsoft CA this can be done with the following commands:certutil -setreg ca\csp\CNGHashAlgorithm SHA256net stop certsvcnet start certsvc
If using the factory shipped self signed certificate, this should be replaced with a trusted certificate signed via SHA-256.
All versions of TPAM 2.5, support SHA-256 signed certificates..