Product: TIBCO Spotfire®
How to upgrade Node Manager's certificate hashing algorithm from SHA1 to SHA2
Versions: 7.5 and higher
This article explains how to upgrade Node Manager's certificate hashing algorithm from SHA1 to SHA2.
In Spotfire 7.5 and higher, a certificate is used for establishing trust between the nodes in the Spotfire collective. The certificate is generated by the Spotfire Server which, by default, uses the SHA-1 hashing algorithm for signing for compatibility reasons.
Resolution
If all Windows servers running Node Manager's support SHA-2 hashing algorithm then this can be changed through configuration:
- On the Spotfire Server machine, launch a command prompt as an Administrator.
- Browse to \tomcat\bin folder and execute the "set-config-prop" command.
- For additional information about this command, review the Spotfire Server Installation and Configuration manual.
Command:
--------------
config set-config-prop --name="security.ca.cert-signature-algorithm" --value="SHA256withRSA"
--------------
- Restart Spotfire server and Node Manager services after executing the above command.
- After this nm.log shows that the configuration change has the desired effect for the node certificate as follows:
--------------
security.trust.CertUtil: Signature Algorithm : SHA256withRSA
--------------
Reference
Refer to the following Spotfire server manual to learn more about the "set-config-prop" command:
https://docs.tibco.com/pub/spotfire_server/7.6.0/doc/pdf/TIB_sfire_server_7.6.0_installation.pdf
Comments
0 comments
Article is closed for comments.