1

I have a server certificate issued by a CA that uses SHA-1. Chrome (latest) allowed me to access a server that imports the server cert, but IE 10 didn't. Is there a way that I could configure IE 10 to accept a SHA-1 SSL cert?

DaeYoung
  • 205
  • 1
    https://blogs.windows.com/msedgedev/2015/11/04/sha-1-deprecation-update/ – schroeder May 16 '16 at 19:34
  • 1
    Chrome and IE both use the same certificate store. Microsoft has not yet updated IE (IE10, IE11, or IE12) to block SHA-1 certificates. We need more information in order to submit a real answer. You should consider updating the certificate to SHA-2; most CAs will do that for free. In a very short amount of time Windows will be updated NOT to accept that certificate, and it's not clear if there will be a way to force Windows to accept it. Until it's blocked we can't tell you how to unblock it. – Ramhound May 16 '16 at 19:39
  • Do you mean "any IE 10" or a specific computer with IE 10? If you mean "any", then I don't think there is something you can do, as it may require modifying the browser settings manually (if it's possible). Please see: http://security.stackexchange.com/questions/103476/when-and-how-will-internet-explorer-refuse-sha-1-certificates. Anyway, for security you should be looking at how to update your certificates to SHA-2 instead. If it's out of your control, contact that company. – lepe May 17 '16 at 00:59
  • schroeder, Ramhound and lepe: Thank you for your input. I installed COTS production from a vendor. After a successful install, I need to access its admin console; however, I was not able to get with IE 10 only available on my Windows 7, but with Chrome I was able to. The system log file didn't shed much useful information to troubleshoot. Some of my co-workers said b/c CA cert issued a server cert used SHA-1 so that IE and FF (I forgot to mention) blocked access. – DaeYoung May 18 '16 at 13:32
  • Correction on my previous statement: COTS product from a vendor... IE 10, Chrome, FF are available from the Windows 7 box – DaeYoung May 18 '16 at 15:10

1 Answer

1

Instead of configuring IE 10 to accept a SHA-1 SSL cert, you should tell your SSL provider to upgrade the SSL cert to SHA-2. Some time ago, Microsoft said that after Jan 2016 it will not support SHA-1. Read more about it at https://www.clickssl.net/blog/microsoft-is-set-to-retire-sha1-rc4 but as per this post http://arstechnica.com/security/2016/05/microsoft-to-retire-support-for-sha1-certificates-in-the-next-4-months/ I still think it will take time before SHA-1 is no longer supported. So, migrating to SHA-2 is the best option.

Dana
  • 121
  • That still doesn't work when the system is a hardware system that isn't Internet connected and no longer has firmware updates. Imagine this was the answer when you couldn't unlock your car door. Then imagine your car was a Ferrari. – NetMage Feb 07 '19 at 01:43