Azure / azure-postgresql

Azure Database for PostgreSQL (fully managed service for PostgreSQL in Azure)
MIT License

sha1 certificate #112

Open Hyper200 opened 8 months ago

Hyper200 commented 8 months ago

Azure flexible server is deployed with a sha1 certificate for TLS connectivity.

https://learn.microsoft.com/en-us/answers/questions/1199915/certificates-do-not-conform-to-algorithm

sha1 certificates have been unsupported and deprecated since 2021 (https://learn.microsoft.com/en-us/lifecycle/announcements/sha-1-signed-content-retired)

Can this be upgraded to sha256?

pjanuario commented 5 months ago

The usage of these SHA1 certificates causes several issues on Java codebases (such as Keycloak, Debezium).

The problem is caused by Oracle disabling hash algorithms which are no longer considered to be secure. Take a look at JRE_HOME/lib/security/java.security. It contains the following properties:

wirowka commented 3 months ago

@msftgits - can we have an update on this issue?

javafrog commented 3 months ago

This is becoming an issue for us as well! We have to manually patch Keycloak to support an insecure algorithm to be able to work with Azure Database for PostgreSQL flexible server.

Please do address this security issue.

Erikvv commented 2 months ago

There's a notification in Azure Portal that they're changing the root CA this month.

TAC911 commented 2 months ago

Is there a specific date when the change will be completed?

marcinkwapiszcomarch commented 1 week ago

Hi, the problem is still there. Is there any way to force the rotation of the certificate? Or when will all instances have the new certificate?