The default SHA-1 SSL certificates used by Release automation will stop being supported by Microsoft / Google browsers in January 2017.

Document ID : KB000012349
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

Does Release automation use a SHA-1 signed certificates for communication between RA server and internet browser.

Starting early 2017 several browsers like Microsoft internet explorer, Firefox , Chrome and Mozilla  will deprecate the support for SHA-1 signed certificates for HTTPS/SSL communication and will block the connection to these websites as they are considered not secure anymore.

The default  SHA-1 SSL certificates used by Release automation will stop being  supported by Microsoft / Google browsers in January 2017 .

Environment:
Release automation server 5.x and 6.x
Answer:

If you are using a SHA-1 signed certificate for your RA webserver depends on how you configured your Release Automation server.

When you are using the secure communication (HTTPS) between internet browser and RA server and use the default nolio self-signed certificates

installed during the installation, you have a SHA-1 signed certificate in place which needs to be updated.

If you have already setup you own certificate from a Certificate authority or generated your own self signed certificate you have to verify the certificate.

In most browsers you can click on the padlock symbol to display the certificate information. Expand to show certificate details and check the Signature Algorithm. Also make sure you click on the intermediate certificate to check if this is SHA-1 signed certificate or not.

As a best practice we always advice to replace the default nolio certificate for your own certificate.

You can install your own self signed certificate using the procedure "Secure UI Communication” from the Release automation installation guide

https://docops.ca.com/ca-release-automation/6-2/en/installation/ca-release-automation-communications-security/secure-communications

 

Additional Information:

Starting with RA 6.3 we will update the default nolio certificate which is installed during the initial installation to be SHA-256 signed certificate .