RSA SHA SSL Cert

[Pugglewuggle]

Hi guys,

I just got a new SSL cert for our AMS server's webmail. There is an issue with the cert not being accepted by browsers because of a trust issue. We have the correct CN/hostname pairing and everything else right. I was reading this forum looking for a solution and it appears that AMS only supports RSA-MD5 certs! Is this true? Is there any way to get this working with an SHA cert? All issued certificates that I've seen lately use SHA hashing, not to mention SHA is superior to MD5 as far as speed goes, and in that MD5 has been shown to have been exploited in at least two studies.

Any ideas?

[Pugglewuggle]

Okay, I called the CA and they said that due to MD5 based SSL's recent cracking they revoked all active MD5 certs and cannot provide me with an MD5 cert due to their liability and guarantee on secure communication that comes with purchasing their service. So basically there's no way to get an MD5 hash cert from them.

Here's a little story about the attack, but I imagine you've already seen it. http://www.eweek.com/c/a/Security/SSL-C ... -Security/

Have you guys considered this with AMS 3? Only accepting MD5 certs will severely cripple any server/security product where crypto is necessary. I imagine this is also the reason for the recent posts where users such as waterman34 can't get his certs working.

Just letting you know! Take it easy! Oh, and Pssst me - how much longer for AMS 3?

[Code Crafters]

It is true that the current version supports only RSA MD5 encrypted certificate / private key pairs. However, I have made a note on our big to-do list to see if we can also add support for SHA encrypted certificates in a future update, possibly the next AMS2 update due in the next couple of months most likely. If its not hard to build in I'll try to push it into this update but can't promise for sure until I look into it further.