Any way to enable mutual TLS with a SHA1 root?

0

My client is unable to procure a SHA256 root certificate and we are wondering if there is any way to configure a Trust Store with the SHA1 root cert they do have.

This is in regard to the ALB mTLS Trust Store feature.

asked a year ago · 354 views
1 Answer
0

No, it isn't possible. Documentation states clearly that only SHA-2 (which the 256-, 384-, and 512-bit variants are, SHA-1 being 160-bit) is supported: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/mutual-authentication.html#mtls-for-awareness

Supported signature algorithms: SHA256, 384, 512 with RSA / SHA256, 384, 512 with EC / SHA256, 384, 512 hash with RSASSA-PSS with MGF1

Would you like to elaborate on what's blocking your client from obtaining a certificate from this decade?

EXPERT
answered a year ago
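
A pre-upload check for a CA bundle against the signature algorithms quoted in the answer, as an added example that is not part of the original answer or of AWS tooling. It reads the signature-algorithm OID of each PEM certificate using only the Python standard library. The function names and verdict labels are hypothetical, the sample certificates are constructed DER skeletons, and RSASSA-PSS is flagged for manual review because its hash is carried in the algorithm parameters.

```python
import base64
import re

RSA, ECDSA = "1.2.840.113549.1.1.", "1.2.840.10045.4."
SUPPORTED = {RSA + "11", RSA + "12", RSA + "13",           # sha256/384/512WithRSAEncryption
             ECDSA + "3.2", ECDSA + "3.3", ECDSA + "3.4"}  # ecdsa-with-SHA256/384/512
SHA1 = {RSA + "5", ECDSA + "1"}  # sha1WithRSAEncryption, ecdsa-with-SHA1
PSS = RSA + "10"                 # RSASSA-PSS: the hash is in the parameters
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    return tag, pos, pos + length

def decode_oid(body):
    arcs, value = [], 0
    for b in body:  # base-128, high bit set on all but the last byte of an arc
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def signature_oid(der):
    _, cert_start, _ = read_tlv(der, 0)        # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, cert_start)  # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)   # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    return decode_oid(der[oid_start:oid_end])

def check_bundle(pem_text):  # -> [(index, oid, verdict)] for each certificate
    out = []
    for i, m in enumerate(PEM_RE.finditer(pem_text)):
        oid = signature_oid(base64.b64decode(m.group(1)))
        verdict = ("ok" if oid in SUPPORTED else "sha1" if oid in SHA1
                   else "review" if oid == PSS else "unsupported")
        out.append((i, oid, verdict))
    return out

# Constructed sample: DER skeleton (empty tbsCertificate, dummy signature), not a real cert.
def sample_pem(last_arc):
    alg = bytes.fromhex("300d06092a864886f70d0101") + bytes([last_arc, 5, 0])
    der = b"\x30\x14\x30\x00" + alg + b"\x03\x01\x00"
    return f"-----BEGIN CERTIFICATE-----\n{base64.b64encode(der).decode()}\n-----END CERTIFICATE-----\n"
```

Calling `check_bundle` on the contents of the bundle file lists every certificate with a verdict; any `sha1` entry is a certificate signed with the algorithm the answer says is not supported.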
