SHA-1 is being phased out, and as of November 2016 Chrome already reports SHA-1 certificates as an error. This may have an impact on your CDN deployment.
The impact is twofold:
First, if you have a SHA-1 private certificate on a CDN, it is urgent that you upgrade it to a more secure certificate.
Second, if your origin server uses HTTPS and has a SHA-1 certificate, sooner or later your CDN will also start to fail the connections to the origin. This already happens at Akamai.
How do you check whether your CDN service or your origin has a deprecated certificate?
Use the following command on your origin servers and your CDN endpoints:
echo | openssl s_client -connect <host name>:<port> -servername <host name> 2>/dev/null | openssl x509 -noout -text | grep "Signature Algorithm"
This is a good answer:
Signature Algorithm: sha256WithRSAEncryption
This is a bad answer:
Signature Algorithm: sha1WithRSAEncryption
If you have a bad answer and are a Globaldots customer, contact us immediately.
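The command above inspects only the first (leaf) certificate. The script below is an added example, not part of the original article: it walks every certificate the endpoint sends and goes a little further by also flagging MD5-based signatures. The function names and the example host are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): report the signature
# algorithm of every certificate an endpoint sends, not only the leaf.
# Function names are illustrative assumptions.

# classify_sigalg NAME -> weak | review | unknown | ok
classify_sigalg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *md5*|*sha1*) echo weak ;;      # e.g. sha1WithRSAEncryption, ecdsa-with-SHA1
        *pss*)        echo review ;;    # RSASSA-PSS: the hash is in the parameters
        "")           echo unknown ;;
        *)            echo ok ;;
    esac
}

# sigalg_from_text: read `openssl x509 -text` output on stdin and print the
# first Signature Algorithm value (the line appears twice per certificate).
sigalg_from_text() {
    sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# report_chain HOST [PORT]: one tab-separated line per certificate, leaf first.
report_chain() {
    host=$1 port=${2:-443}
    tmp=$(mktemp -d) || return 1
    echo | openssl s_client -connect "$host:$port" -servername "$host" \
        -showcerts 2>/dev/null |
        awk -v d="$tmp" '/-BEGIN CERTIFICATE-/ { n++; f = 1 }
                         f { print > (d "/" n ".pem") }
                         /-END CERTIFICATE-/ { f = 0; close(d "/" n ".pem") }'
    for pem in "$tmp"/*.pem; do
        [ -f "$pem" ] || continue
        alg=$(openssl x509 -in "$pem" -noout -text | sigalg_from_text)
        subj=$(openssl x509 -in "$pem" -noout -subject)
        printf '%s\t%s\t%s\n' "$(classify_sigalg "$alg")" "$alg" "$subj"
    done
    rm -rf "$tmp"
}

# Run only when a host is given: sh check_chain.sh origin.example.com 443
if [ "$#" -ge 1 ]; then
    report_chain "$@"
fi
```

A "weak" line for the leaf or an intermediate means that certificate needs to be reissued. A self-signed root that the server happens to send can be ignored, because trust anchors are not validated by their signature.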