Hello
My systems are regularly scanned by Trustwave for PCI compliance and they have today reported that they will no longer accept the SHA1 certificate signing algorithm.
Full details of the error are as follows:
Subject: /O=captive-portal.peplink.com/OU=Domain Control Validated/CN=captive-portal.peplink.com
Issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com , Inc./OU=Sign In Daddy Secure Certification Authority/serialNumber=07969287
Certificate Chain Depth: 0
Certificate Signature Alg: sha1WithRSAEncryption
I’m not sure what the devices are using this SSL certificate for, but am I able to replace the certificate with one of my own? Do you have any plans to upgrade the default certificate to a SHA256 signed version?
Regards
Ashley
TK_Liew
October 27, 2015, 11:38am
2
Hi Ashley,
May I know which model you used to scan? We do have fixed on this.
Thanks for getting back to me.
The issue was seen with both our Peplink 380 and our Peplink 210
Regards
Ashley
Hello, I’m getting this on my Balance One as well.
TK_Liew
October 28, 2015, 12:51pm
5
TK_Liew
October 28, 2015, 12:53pm
6
Thanks for the reply
Could you please re-post the link to the new firmware for the B210 Hw2-3 as I believe the link above is incorrect?
Also, do I need to change any settings once I install the new firmware of should it automatically move over to the
SHA256 certificate?
Thanks
Ashley
TK_Liew
November 10, 2015, 1:06pm
9
ashleyh:
Thanks for the reply
Could you please re-post the link to the new firmware for the B210 Hw2-3 as I believe the link above is incorrect?
Also, do I need to change any settings once I install the new firmware of should it automatically move over to the
SHA256 certificate?
Thanks
Ashley
Hi Ashley,
The download link for B210 Hw2-3 should be working fine now. New firmware will use SHA256 automatically.
ashleyh
November 10, 2015, 3:49pm
10
Hello
The link in your post from 10/29 above downloads the following file:
fw-b20_30 -6.2.3s012-build3064.bin
When I uploaded that file to my B210, it didn’t accept it as valid.
Ashley
TK_Liew
November 10, 2015, 8:01pm
11
ashleyh
November 11, 2015, 3:53pm
12
Hello
Thanks for the new link. I have now upgraded both Peplinks and they are running the new firmware as follows:
Peplink Balance 210: 6.2.3s012 build 3064
Peplink Balance 380: 6.2.3s012 build 3398
Both are running with the Latest (Firmware 6.2+) option set in SpeedFusion > PepVPN Settings for backwards compatibility.
Unfortunately, my systems are still failing the Trustwave PCI scan with the following error:
Insecure Certificate Algorithm in Use
Subject: /O=captive-portal.peplink.com/OU=Domain Control Validated/CN=captive-portal.peplink.com
Issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com , Inc./OU=Sign In Daddy Secure Certification Authority/serialNumber=07969287
Certificate Chain Depth: 0
Certificate Signing Algorithm: sha1WithRSAEncryption
i.e. the same error as before
Ashley
ashleyh
November 16, 2015, 1:32am
13
Hello
Is there any update on this issue?
Thanks
Ashley
TK_Liew
November 16, 2015, 4:10pm
14
Hi Ashley,
Sorry for the confusing. We will support new cert. signed with SHA256 starting from 6.3.0. v6.3.0RC to be available by next week.
Vishal_Agrawal:
Any update?
Hi,
You can download the 6.3.0 RC firmware by using the following URL:
Open Beta Program To participate in the Peplink Open Beta Program, please carefully read the following terms and conditions and signify your acceptance by selecting the appropriate option. TERMS & CONDITIONS OF PEPLINK OPEN BETA PROGRAM THE BETA...
Est. reading time: 2 minutes
Thank You
Regards,
Sit Loong