Does ArcGIS Server 10.7.1 support SHA2/HMACSHA256

ThomasColson · ‎12-05-2019

From the IIS 8.5 STIG, "The production IIS 8.5 web server must utilize SHA2 encryption for the Machine Key....

Click the IIS 8.5 web server name.
Double-click the "Machine Key" icon in the website Home Pane.
Verify "HMACSHA256" or stronger encryption is selected for the Validation method and "Auto" is selected for the Encryption method.

Before I go clicking that, does 10.7.1 support that level of encryption?

RandallWilliams · ‎12-05-2019

Thomas Colson‌ I just set this on my 10.7.1 instance and don't have problems.

ThomasColson · ‎12-05-2019

What kind of cert are you using?

RandallWilliams · ‎12-05-2019

What specifically are you looking for?

It's a cert provided by our internal CA, created using SHA256.

Note that the changes you're proposing affect the web server, but don't affect the GIS Server where ArcGIS is a client to the web adaptor host.

ThomasColson · ‎12-06-2019

So in IIS you have to select the level of encryption when you fill out the CSR, wondering if that is dependent on setting the setting above. I just checked the defaults, and just got my cert signed, so I'll test and report back.

RandallWilliams · ‎12-06-2019

I believe it does. I haven't really worried about it because I'm auto-enrolled in our CA and submit my cert requests directly to our enterprise CA from the certificates MMC, always using the SHA256 template ever since Chrome started requiring a SAN in a cert.