OpenManage Enterprise 4.6.0 Deprecates SHA-1 Web Server Certificates

For instances running version 4.5.0 and higher, a notification banner is displayed. This banner warns users that version 4.6.0 deprecates support for web server certificates signed using the SHA-1 secure hash algorithm.

If the web server certificate used by OpenManage Enterprise (OME) is using SHA-256 or higher, the notification message can be safely ignored. Click the 'Dismiss' link to hide this notification.

With version 4.6.0 and newer, uploading an SHA-1 based web server certificate is blocked and produces the following error message:

This includes the leaf certificate or any of the certificate authority certificates in the chain.

To verify which secure hash algorithm used to sign the web server certificate, perform the following steps:

1. Open the OpenManage Enterprise user interface using a web browser.
2. Click the 'lock' or 'Not secure' icon to the left of the URL.
3. Click the site security message 'Connection is Secure' or 'Your connection to this site is not secure' to view the certificate validity message.
4. Click the certificate icon at the upper right of the message window to bring up the certificate viewer.
5. Select the details tab to bring up the Certificate Hierarchy and Certificate Fields.
6. For each certificate in the hierarchy, select the 'Certificate Signature Algorithm' under the Certificate Fields section. If SHA-1 is listed under any of the certificates, then your certificate should be updated as soon as possible. Work with your signing authority to submit a new certificate signing request (CSR) to retrieve an updated certificate.

Figure 1: Server certificate chain where the certificate authority is using SHA-1 algorithm.

Not applicable

If the web server certificate is using a secure hash algorithm higher than SHA-1, then the notification banner can be safely ignored. Click the 'Dismiss' link to hide the banner. Note:The banner is displayed on a per-user basis. Each user must dismiss the banner during their own session.

Dell Technologies recommends updating the OpenManage Enterprise web server certificate at your earliest convenience. To take advantage of the higher security standards introduced in version 4.6.0, use a secure hash algorithm of SHA-256 or higher. Work with your signing authority to submit a new certificate signing request (CSR) to obtain an updated certificate.

Instances that leverage a certificate where the SHA-1 secure hash algorithm is used, continue to function even after the upgrade.