Spotfire Ideas Portal
Status Already exists
Product Spotfire
Categories Installation
Created by Guest
Created on Jan 3, 2022

Use a key size of at least 3072-bit to secure the backend communication over port 9443

According to the link below, the generation and signing of the certificate happens during the installation. Each Spotfire server generates its own root certificate. That means the weak signing algorithm (SHA-1) is part of the installation.

Node Trust and Back-End HTTPS Communication (tibco.com)

Spotfire will need to provide us with an upgrade or service pack that ensures that the key size is at least 3072-bit and the signing algorithm is at least SHA128.

We would like to suggest to TIBCO to include this enhancement in future releases or fixes.

Implemented in 10.1
  • Guest
    Jan 3, 2022

    The signing algorithm (used for both CA and end-entity certificates) is configurable and is by default SHA256withRSA since TIBCO Spotfire Server 10.1.0. If the CA certificates were generated using an earlier version, then you may need to revoke all certificates using the reset-trust command (after this, new CA certificates will be generated, and you will need to re-trust all existing nodes).

    The key length is also configurable. The default is currently 2048 - in accordance with the current Mozilla recommendations. Note that any changes to the configured value will only have effect on new certificates (so re-configure first and then run reset-trust).


    • Configuration property for signing algorithm: security.ca.cert-signature-algorithm

    • Configuration property for key length: security.ca.rsa-key-strength
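
Added example, not part of the reply above and not TIBCO's code: a shell function that checks the text dump of a certificate against a minimum RSA key size and rejects MD5/SHA-1 signatures, useful for confirming that certificates issued after `reset-trust` carry the newly configured values. The function name `audit_cert`, the `HOST` placeholder and the sample excerpts are assumptions made for illustration; the 2048 and 3072 thresholds come from the thread.

```shell
# audit_cert MIN_BITS  (hypothetical helper, not a Spotfire or OpenSSL command)
# Reads `openssl x509 -noout -text` output on stdin and prints
#   PASS|FAIL sig=<algorithm> bits=<n>
# Exit status is 0 only when the key has at least MIN_BITS bits and the
# signature algorithm name does not contain MD5 or SHA-1.
# Assumed way to feed it (HOST is a placeholder for a server you administer):
#   openssl s_client -connect HOST:9443 </dev/null 2>/dev/null |
#     openssl x509 -noout -text | audit_cert 3072
audit_cert() {
    min_bits=$1
    text=$(cat)
    # The first "Signature Algorithm:" line is the one in the signed body.
    sig=$(printf '%s\n' "$text" |
        sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1)
    # OpenSSL 1.1 prints "RSA Public-Key: (N bit)", 3.x "Public-Key: (N bit)".
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    status=PASS
    case "$sig" in
        ''|*[Mm][Dd]5*|*[Ss][Hh][Aa]1*) status=FAIL ;;  # missing or weak hash
    esac
    case "$bits" in
        '') status=FAIL ;;                               # unknown size: fail closed
        *)  [ "$bits" -ge "$min_bits" ] || status=FAIL ;;
    esac
    printf '%s sig=%s bits=%s\n' "$status" "${sig:-unknown}" "${bits:-unknown}"
    [ "$status" = PASS ]
}

# Constructed excerpts of `openssl x509 -noout -text` output (not real certificates).
# Pre-10.1.0 case raised in the thread: SHA-1 signature.
SAMPLE_OLD='Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
    Signature Algorithm: sha1WithRSAEncryption'
# Defaults described in the reply: SHA256withRSA, 2048-bit key.
SAMPLE_NEW='Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
    Signature Algorithm: sha256WithRSAEncryption'
```

Run against `SAMPLE_NEW`, the check passes at a 2048-bit minimum and fails at 3072, which is the gap between the default described in the reply and the key size the idea asks for.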