I am currently developing an environment in which EAP-TLS authentication is used in the built-in Wi-Fi radio. On this radio, we upload several certificates for authentication (client certificate, private key file for the client, and the root certificate of the CA). I recently came across this Windows Blog post and several other posts about abandoning the SHA1 hash algorithm for signing a certificate.
My main question / concern is that the radio I use does not support the use of any certificates stronger than SHA1 (does not support SHA2 at all), and I wanted to know if EAP-TLS and other 802.1X methods would affect this transition to SHA2. Will there be a CA (or Root CA if the client has created its own or Intermediate CA, in case my clients use a third-party Root CA), can they issue SHA1 certificates yet or will they also be stopped?
I appreciate any help and support on this issue.
source share