Skip to Main Content
Spotfire Ideas Portal
Status Already exists
Product Spotfire
Categories Installation
Created by Guest
Created on Jan 3, 2022

use a key size of at least 3072-bit to secure the backend communication over the port 9443

According the below link, the generation and signing of the certificate happens during the installation. Each Spotfire server generates its own root certificate. That means, the week signing algorithm (SHA-1) is part of the installation.

Node Trust and Back-End HTTPS Communication (

Spotfire will need to provide us with an upgrade or service pack that ensures that the key size is at least 3072-bit and the signing algorithm is at least SHA128.

We would like to suggest to TIBBCO to include this enhancement in future releases or fixes.

Implemented in 10.1
  • Attach files
  • Guest
    Jan 3, 2022

    The signing algorithm (used for both CA and end-entity certificates) is configurable and is by defaylt SHA256withRSA since TIBCO Spotfire Server 10.1.0. If the CA certificates were generated using an earlier version then you may need to revoke all certificates using the reset-trust command (after this new CA certificates will be generated, and you will need to re-trust all existing nodes).

    The key length is also configurable. The default is currently 2048 - in accordance with the current Mozilla recommendations. Note that any changes to configured value will only have effect on new certificates (so re-configure first and then run reset-trust).

    • Configuration property for signing algorithm:

    • Configuration property for key length: