Summary:
On January 1st 2016 Symantec updated their chain to support SHA256 signing from the root level. An update to Venafi is needed to continue to issue SHA256 certificates using Symantec.
More Info:
Up until 12/31/15 the Symantec MPKI Vice2 driver supported two different VeriSign/Symantec products.
Product 1: SHA1 intermediate with SHA1 root
Product 2: SHA256 intermediate with SHA1 root
As of 1/1/16, Symantec/VeriSign discontinued Product 1 and added a Product 3.
Product 1: Discontinued
Product 2: SHA256 intermediate with SHA1 root
Product 3: SHA256 intermediate with SHA256 root
This has been fixed in 15.3.4, 15.4.1 and all future releases of Venafi Trust Protection Platform.
Comments