How to create a self-signed server certificate in IIS with more secure algorithm SHA-256?

  • Question

  • QUESTION: How to create a self-signed server certificate in IIS with more secure algorithm SHA-256?

    Issue CWE-327: Use of a Broken or Risky Cryptographic Algorithm

    Description: SSL certificates can be signed with various algorithms. Microsoft IIS 7.5 uses an older version of the algorithm (SHA-1) to sign self-signed certificates created in IIS under Server Certificates. Due to a number of attacks against SHA-1, it is no longer considered safe. 

    Remediation: Obtain a certificate that uses a more secure algorithm such as SHA-256. 

    Looking for assistance from Microsoft to create a self-signed server certificate which uses a more secure algorithm such as SHA-256.

    Thank you,

    Jay Patel


    Jay.Patel

    Thursday, June 1, 2017 5:15 PM

Answers

  • Thank you. Your answer leads me to the URL below. 

    https://technet.microsoft.com/itpro/powershell/windows/pkiclient/new-selfsignedcertificate#-subject

    MakeCert is deprecated. To create self-signed certificates using SHA-256, I used the PowerShell cmdlet New-SelfSignedCertificate.


    Jay.Patel

    • Marked as answer by jay.patel Friday, June 2, 2017 6:31 PM
    Friday, June 2, 2017 6:31 PM
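
The approach from the accepted answer, shown as an added example that is not part of the original thread: it creates a SHA-256 self-signed certificate with `New-SelfSignedCertificate`, confirms the signature algorithm, and lists any certificates in the same store that are still signed with SHA-1 or MD5. It assumes an elevated PowerShell session on Windows 10 / Windows Server 2016 or later, where the cmdlet accepts `-HashAlgorithm`; the host name is a placeholder.

```powershell
# Placeholder host name (assumption); replace with the site's real DNS name.
$dnsName = 'intranet.example.test'

# Create the certificate in the machine store that IIS reads from.
# -HashAlgorithm selects the signature hash, which is the CWE-327 fix here.
$cert = New-SelfSignedCertificate `
    -DnsName $dnsName `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -KeyAlgorithm RSA `
    -KeyLength 2048 `
    -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(1) `
    -FriendlyName "$dnsName (self-signed, SHA-256)"

# Verify the result instead of trusting the parameter: a SHA-256/RSA
# certificate reports a signature algorithm such as "sha256RSA".
$algo = $cert.SignatureAlgorithm.FriendlyName
if ($algo -notmatch 'sha256') {
    throw "Unexpected signature algorithm: $algo"
}
"Created $($cert.Thumbprint) signed with $algo"

# Audit: certificates in the same store still signed with SHA-1 or MD5,
# which are the ones a scanner will keep reporting.
Get-ChildItem 'Cert:\LocalMachine\My' |
    Where-Object { $_.SignatureAlgorithm.FriendlyName -match 'sha1|md5' } |
    Select-Object Subject, Thumbprint, NotAfter,
        @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } }
```

The new certificate then appears under Server Certificates in IIS Manager and can be selected in the site's HTTPS binding; the finding clears only once the binding no longer points at the old SHA-1 certificate.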

All replies