How to upgrade Node Manager's certificate hashing algorithm from SHA1 to SHA2

How to upgrade Node Manager's certificate hashing algorithm from SHA1 to SHA2

This article explains how to upgrade Node Manager's certificate hashing algorithm from SHA1 to SHA2.

In Spotfire 7.5 and higher, a certificate is used for establishing trust between the nodes in the Spotfire collective. The certificate is generated by the Spotfire Server which, by default, uses the SHA-1 hashing algorithm for signing for compatibility reasons. If all Windows servers running Node Manager's support SHA-2 hashing algorithm then this can be changed through configuration:

- On the Spotfire Server machine, launch a command prompt as an Administrator.
- Browse to \tomcat\bin folder and execute the "set-config-prop" command.
- For additional information about this command, review the Spotfire Server Installation and Configuration manual.

Command:
--------------
config set-config-prop --name="security.ca.cert-signature-algorithm" --value="SHA256withRSA"  
--------------

- Restart Spotfire server and Node Manager services after executing the above command.
- After this nm.log shows that the configuration change has the desired effect for the node certificate as follows:
--------------
security.trust.CertUtil:     Signature Algorithm : SHA256withRSA
-------------- Refer to the following Spotfire server manual to learn more about the "set-config-prop" command:

https://docs.tibco.com/pub/spotfire_server/7.6.0/doc/pdf/TIB_sfire_server_7.6.0_installation.pdf