SSL Certificate Signed using Weak Hashing Algorithm

最新推荐文章于 2024-07-22 18:33:40 发布
最新推荐文章于 2024-07-22 18:33:40 发布
阅读量3k 收藏
点赞数
原文链接:https://www.ibm.com/support/pages/ssl-certificate-signed-using-weak-hashing-algorithm
版权

SSL Certificate Signed using Weak Hashing Algorithm
Troubleshooting

Problem
Nessus scanner reports an issue: The SSL certificate has been signed using a weak hash algorithm.

Symptom
Issue:
SSL Certificate Signed using Weak Hashing Algorithm

Synopsis :

The SSL certificate has been signed using a weak hash algorithm.

Description :

The remote service uses an SSL certificate that has been signed using a cryptographically weak hashing algorithm - MD2, MD4, or MD5. These signature algorithms are known to be vulnerable to collision attacks.
In theory, a determined attacker may be able to leverage this weakness to generate another certificate with the same digital signature, which could allow him to masquerade as the affected service.

Cause
The embedded WebSphere Application Server (eWAS) serves an SSL certificate that is hashed by MD5 which is vulnerable to a collision attack.

Resolving The Problem
To resolve this issue, generate your own self-signed certificates:

  1. Make a backup copy of the original SSL certificate file:

TWA_Home/eWAS/profiles/TIPProfile/etc/TWSServerKeyFile.jks

  1. Run the executable script ikeyman.sh found in:

TWA_Home/eWAS/bin

  1. Load the file TWSServerKeyFile.jks found in:

TWA_Home/eWAS/profiles/TIPProfile/etc/

When prompted for a password enter the word: default

  1. Delete the server certificate.

  2. Create new server certificate by selecting: New Self-Signed

  3. Fill in the requested information. Use SHA-2 as the hashing algorithm.

  4. Save as a JKS file with the filename:

TWA_Home/eWAS/profiles/TIPProfile/etc/TWSServerKeyFile.jks

  1. Restart eWAS

Product Alias/Synonym
Maestro
TWS
TWA

沈金华
关注
SSL Certificate Signed Using Weak Hashing Algorithm,使用弱哈希算法签名的 SSL 证书的解决方法,在docker下Nginx生成ssl证书https
weixin_40555654的博客
06-24 1万+
SSL Certificate Signed Using Weak Hashing Algorithm,使用弱哈希算法签名的 SSL 证书的解决方法,在docker下Nginx生成ssl证书https协议
SSL Certificate Signed Using Weak Hashing AlgorithmSSL Medium Strength Cipher Suites Supported的解决方...
weixin_30483495的博客
08-08 6447
这两天有个项目被扫描器报了几个中危,都是SSL证书的问题。记录一下解决方案吧。 第一个问题:SSL Certificate Signed Using Weak Hashing Algorithm 这里的原因是因为使用弱算法签名的证书。 解决方案查了下总结下来是换算法。 操作步骤:   1、从证书颁发机构安装服务器的身份验证证书   2、在注册表HKEY_LOCAL_MACHINE\SY...
【漏洞复现】CVE-2004-2761:使用弱哈希算法签名的 SSL 证书(SSL Certificate Signed Using Weak Hashing Algorithm)
qq_43455906的博客
08-07 2万+
本次复现是针对编号为CVE-2004-2761的漏洞,由于条件有限,本次复现通过创建自签名证书进行操作。解决证书链中的 SSL 证书使用弱哈希算法进行签名的问题。
SSL Certificate Signed Using Weak Hashing Algorithm(CVE-2004-2761)
weixin_40133285的博客
04-26 3万+
SSL Certificate Signed Using Weak Hashing Algorithm(CVE-2004-2761) Windows Server 2012 R2 验证存在、搜索或下载证书工具、生成证书、导入证书、添加证书访问权限、在RDP-tcp中加载证书、验证证书生效情况、遗留问题 Trusted、SSL Self-Signed Certificate可申请官方机构颁布证书 The remote service uses an SSL certificate chain that has
【漏洞复现】CVE-2004-2761 使用弱哈希算法签名的 SSL 证书(SSL Certificate Signed Using Weak Hashing Algorithm)
m0_61331237的博客
04-09 1887
在结束之际,我想重申的是,学习并非如攀登险峻高峰,而是如滴水穿石般的持久累积。尤其当我们步入工作岗位之后,持之以恒的学习变得愈发不易,如同在茫茫大海中独自划舟,稍有松懈便可能被巨浪吞噬。然而,对于我们程序员而言,学习是生存之本,是我们在激烈市场竞争中立于不败之地的关键。一旦停止学习,我们便如同逆水行舟,不进则退,终将被时代的洪流所淘汰。因此,不断汲取新知识,不仅是对自己的提升,更是对自己的一份珍贵投资。让我们不断磨砺自己,与时代共同进步,书写属于我们的辉煌篇章。需要完整版PDF学习资源私我。
An SSL certificate in the certificate chain has been signed using a weak hash algorithm
07-28
- *1* *2* [SSL Certificate Signed using Weak Hashing Algorithm](https://blog.csdn.net/weixin_42369552/article/details/102589691)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":...
tomcat漏扫修复及调优
a120717的博客
06-30 5222
环境 Centos7 8G tomcat7 nessus漏扫修复 12085 - Apache Tomcat Servlet / JSP Container Default Files 删除tomcat/webapps/下example、doc、manager,(ROOT保留,内部只留下自定义的404页面) 35291 - SSL Certificate Signed...
本地git安装完成之后,从远程git服务器上面下载代码。报错SSL certificate problem:self signed certificate in certificate chain.
caichengji1的博客
11-28 350
解决方案:打开git的控制端黑窗口,输入: git config --global http.sslVerify false 点击Entry之后,就会去掉git的ssl验证。 然后就可以正常的下载代码。
记 Nessus 扫描工具 51192 - SSL Certificate Cannot Be Trusted 漏洞修复!
最新发布
二爷记
07-22 3534
一、关于 Nessus 扫描工具Nessus —系统漏洞扫描与分析软件!Nessus 是全世界最多人使用的系统漏洞扫描与分析软件,总共有超过75,000个机构使用Nessus 作为扫描该机构电脑系统的软件。Nessus对个人用户是免费的,只需要在官方网站上填邮箱,立马就能收到注册号了,对应商业用户是收费的。二、扫描漏洞报错信息源网页漏洞内容:Vulnerabilities51192 - SSL C...
解决tomcat关于SSL的漏
xiaowen_10的专栏
07-28 1万+
用nessus扫描tomcat的ssl漏洞并修复sslv2 sslv3的漏洞
SSL证书(HTTPS)背后的加密算法
weixin_34297704的博客
05-13 412
之前我们介绍SSL工作原理了解到当你在浏览器的地址栏上输入https开头的网址后,浏览器和服务器之间会在接下来的几百毫秒内进行大量的通信。这些复杂的步骤的第一步,就是浏览器与服务器之间协商一个在后续通信中使用的密钥算法。这个过程简单来说是这样的:浏览器把自身支持的一系列Cipher Suite(密钥算法套件,后文简称Cipher)[C1,C2,C3, …]发给服务器;服务器接...
SSH Weak Algorithms Supported漏洞修复
浩瀚天空的博客
09-30 6866
rhel6.6 Nessus安全扫描中发现漏洞: SSH Weak Algorithms Supported Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against us...
SSL chiper
chuan8120的博客
06-01 628
密钥交换算法,用于决定客户端与服务器之间在握手的过程中如何认证,用到的算法包括RSA,Diffie-Hellman,ECDH,PSK等 加密算法,用于加密消息流,该名称后通常会带有两个数字,分别表示密钥的长度和初始向量的长度,比如DES 56/56, RC2 56/128, RC4 128/128, AES 128/128, AES 256/256 报文认证信息码(MAC)算法,用于创
self signed certificate
一侠 的 专栏
03-09 1518
http://www.dataparadis.net/osp/gnu-linux-server/web-server/creating-a-secure-apache-directory-with-a-self-signed-ssl-certificate/ http://www.tc.umn.edu/~brams006/selfsign_redhat.html http://www.tc.u
执行Git命令时出现各种 SSL certificate problem 的解决办法
热门推荐
officercat的专栏
10-11 12万+
比如我在windows下用git  SSL certificate problem: self signed certificate
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值