Product: TIBCO Spotfire®
How to upgrade Node Manager's certificate hashing algorithm from SHA1 to SHA2
This article explains how to upgrade Node Manager's certificate hashing algorithm from SHA1 to SHA2.
In Spotfire 7.5 and higher, a certificate is used for establishing trust between the nodes in the Spotfire collective. The certificate is generated by the Spotfire Server which, by default, uses the SHA-1 hashing algorithm for signing for compatibility reasons.
If all Windows servers running Node Manager's support SHA-2 hashing algorithm then this can be changed through configuration:
- On the Spotfire Server machine, launch a command prompt as an Administrator.
- Browse to \tomcat\bin folder and execute the "set-config-prop" command.
- For additional information about this command, review the Spotfire Server Installation and Configuration manual.
Command:
--------------
config set-config-prop --name="security.ca.cert-signature-algorithm" --value="SHA256withRSA"
--------------
- Restart Spotfire server and Node Manager services after executing the above command.
- After this nm.log shows that the configuration change has the desired effect for the node certificate as follows:
--------------
security.trust.CertUtil: Signature Algorithm : SHA256withRSA
--------------
Refer to the following Spotfire server manual to learn more about the "set-config-prop" command:
https://docs.tibco.com/pub/spotfire_server/7.6.0/doc/pdf/TIB_sfire_server_7.6.0_installation.pdf
Comments
0 comments
Article is closed for comments.