SecureAuth IdP SHA256 Cloud Web Service

SecureAuth IdP now supports SHA256 hashed certificates to improve security, reliability, and performance of the SecureAuth Cloud Services. Microsoft issued a Security Advisory recommending that Certificate Authorities (CAs) stop using SHA-1 SSL certificates by January 1, 2017, and that customers migrate any SHA-1 SSL and Code Signing certificates to the SHA256 (SHA-2) hashing algorithm at the earliest opportunity.

1. SecureAuth IdP – SecureAuth Cloud Communication

Communicating through mutual authentication, where the client (SecureAuth IdP) is uniquely identified by the service (SecureAuth Cloud), and the service is uniquely identified by the client

Communications include:

2. Browser to IdP Appliance Communication

Utilize secure (HTTPS) browser to web server communications for third-party certificates

3. Profile Data Encryption

Encrypt the user profile data before writing it to a user profile field in the on-premises directory

4. SAML, WS-Federation, and other Assertion Languages Signing and Encryption

Use SSL certificates to sign and encrypt SecureAuth IdP – SaaS communication

1. Certificate Renewal

Third-party, publicly-trusted SHA-1 hashed certificates installed on the SecureAuth IdP appliances require renewal or replacement with a SHA-2 SSL certificate

2. Upgrade / Migrate SecureAuth IdP Appliance

Pre-8.1 SecureAuth IdP appliances must be upgraded or migrated to the new cloud services environment

Schedule a maintenance window with SecureAuth Support to upgrade the appliance using the automated tools

3. Root and Intermediate Certificate Authority Certificate Renewal

SSL VPNs or other Gateway devices that utilize SecureAuth-issued native certificates must be updated with the SHA-2 Root and Intermediate CA Certificates

SecureAuth Appliance Certificate Renewal Utility (ACRU)