Product:TIBCO Spotfire Web Player
Versions:7.5 and higher
Summary:
This article describes how to upgrade a TIBCO Spotfire Node Manager's certificate hashing algorithm from SHA-1 to SHA-2.
Details:
This article explains how to upgrade the Node Manager's certificate hashing algorithm from SHA-1 to SHA-2 (SHA-256)
In Spotfire 7.5 and higher, a certificate is used for establishing trust between the nodes in the Spotfire collective. The certificate is generated by the Spotfire Server which, by default, uses the SHA-1 hashing algorithm for signing for compatibility reasons.
Resolution:
If all servers running Node Managers support the SHA-2 hashing algorithm, then this can be changed through configuration:
- On the Spotfire Server machine, launch a command prompt as an Administrator.
- Browse to \tomcat\bin folder and execute the "set-config-prop" command.
- For additional information about this command, review the Spotfire Server Installation and Administration manual.
Command:
--------------
config set-config-prop --name="security.ca.cert-signature-algorithm" --value="SHA256withRSA"
--------------
- Restart Spotfire server and Node Manager services after executing the above command.
- After this nm.log shows that the configuration change has the desired effect for the node certificate as follows:
--------------
security.trust.CertUtil: Signature Algorithm : SHA256withRSA
--------------
Versions:7.5 and higher
Summary:
This article describes how to upgrade a TIBCO Spotfire Node Manager's certificate hashing algorithm from SHA-1 to SHA-2.
Details:
This article explains how to upgrade the Node Manager's certificate hashing algorithm from SHA-1 to SHA-2 (SHA-256)
In Spotfire 7.5 and higher, a certificate is used for establishing trust between the nodes in the Spotfire collective. The certificate is generated by the Spotfire Server which, by default, uses the SHA-1 hashing algorithm for signing for compatibility reasons.
Resolution:
If all servers running Node Managers support the SHA-2 hashing algorithm, then this can be changed through configuration:
- On the Spotfire Server machine, launch a command prompt as an Administrator.
- Browse to \tomcat\bin folder and execute the "set-config-prop" command.
- For additional information about this command, review the Spotfire Server Installation and Administration manual.
Command:
--------------
config set-config-prop --name="security.ca.cert-signature-algorithm" --value="SHA256withRSA"
--------------
- Restart Spotfire server and Node Manager services after executing the above command.
- After this nm.log shows that the configuration change has the desired effect for the node certificate as follows:
--------------
security.trust.CertUtil: Signature Algorithm : SHA256withRSA
--------------