Robert Levas created AMBARI-14778:
-------------------------------------
Summary: Ambari Server CA should use sha265 as default message
digest algorthm
Key: AMBARI-14778
URL: https://issues.apache.org/jira/browse/AMBARI-14778
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.1.1
Reporter: Robert Levas
Assignee: Robert Levas
Fix For: 2.2.2
The Ambari Server (built-in) CA should use {{SHA265}} as default message digest
algorithm rather than the no longer trusted {{MD5}} and {{SHA1}} digest
algorithms.
To do this, change the following line (in both the unix and windows version of
the file):
{code:title=ambari-server/conf/unix/ca.config}
default_md = md5
{code}
To
{code:title=ambari-server/conf/unix/ca.config}
default_md = sha256
{code}
Note: This directly affects 2-way SSL between Ambari server and the agents due
to security constraints in newer JVMs, like
{noformat}
openjdk version "1.8.0_71"
OpenJDK Runtime Environment (build 1.8.0_71-b15)
OpenJDK 64-Bit Server VM (build 25.71-b15, mixed mode)
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
