SHA-1 Certificate expiring for PB/EAS app

Former Member
0 Kudos

I have a former client that is having a HUGE production problem with EAS 6.3.1 crashing, so they backed out and went to their prior PB9/EAS 4.2.x. One of the main reasons for the upgrade was because EAS 4.x doesn't support SHA-2. Now the urgent issue is coming up with a workaround to not use the SHA-1 certificates. I've never seen any of this code, other than doing a simple upgrade of the server components and adding try/catch for every method. From what I am told there is a single process on the client that uses the SHA-1 to pass the userid/pw via IIOPS to the server for authentication. That is what must be replaced immediately. We've got about 2 weeks to code something so it can be tested and implemented in prod before the certificates expire in May. Hoping someone has had some experience with this and can make some suggestions. I also want to find out, since everything I've heard tells me that EAS 5.5 is much more reliable than 6.x, does 5.5 support SHA-2?


Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi Kevin;

1) EAS 5.5 only supports SHA-1 certificates. Support for SHA-2 was added in EAS 6.1.

2) EAS 5.5 is very stable. My Canadian government clients still use this release (not many of those left these days, however).

3) EAS 5.5 is much faster handling NVUOs because it deals with the C++ objects directly. The EAS 6.x architecture changed that and started treating NVUOs as Beans - hence interfacing through a Java wrapper, which made the execution much slower.


Regards ... Chris

Former Member
0 Kudos

I'm sorry Kevin, I have no experience of EAS 4.

Have you tried using a new SHA-1 certificate? Given it is only U/PD data on the LAN, the risk is minimal and no worse than they have now.

Alternatively, you can not use IIOPS and encrypt the detail at the client side and then decrypt server side.

We do, however, have experience of EAS 6.3 and may be able to help with the crashing problems as a longer-term solution.