Server 2003 needs hotfixes for SHA2 256 or higher encryption, or X.509 certificates

Are you still running Windows Server 2003? For shame!

Have you been keeping up with the hotfixes? Hmmm…

Well, you’re in good company. Forgetting for a moment that Microsoft ends support for Server 2003 on 16 July 2015, sometimes it’s easier to just let it keep running.

Beware what happened to us though. Our website stopped serving up a page in an iFrame from a secure site. We spoke to the company, who said the certificate had been updated and to just grab the new one. I had no problem on my local machine going directly to the page, but couldn’t do it via the website.

The company had updated their certificate to a version which our Server 2003 could no longer communicate with:

Windows Server 2003 and Windows XP clients cannot obtain certificates from a Windows Server 2008-based certification authority (CA) if the CA is configured to use SHA2 256 or higher encryption
https://support.microsoft.com/en-us/kb/968730

Applications that use the Cryptography API cannot validate an X.509 certificate in Windows Server 2003
https://support.microsoft.com/en-us/kb/938397

Not to mention that the server had IE6 on there. But thanks to Hotfixes and a swift restart, our 2003 Server machine lives to fight another day, until we finally put it out of its misery. Soon I hope.

Advertisements

One thought on “Server 2003 needs hotfixes for SHA2 256 or higher encryption, or X.509 certificates

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s