This article explains how to upgrade the Node Manager's certificate hashing algorithm from SHA-1 to SHA-2 (SHA-256)

In Spotfire 7.5 and higher, a certificate is used for establishing trust between the nodes in the Spotfire collective. The certificate is generated by the Spotfire Server which, by default, uses the SHA-1 hashing algorithm for signing for compatibility reasons.

All

If all servers running Node Managers support the SHA-2 hashing algorithm, then this can be changed through configuration:

- On the Spotfire Server machine, launch a command prompt as an Administrator.
- Browse to \tomcat\bin folder and execute the "set-config-prop" command.
- For additional information about this command, review the Spotfire Server Installation and Administration manual.

Command:
--------------
config set-config-prop --name="security.ca.cert-signature-algorithm" --value="SHA256withRSA"  
--------------

- Restart Spotfire server and Node Manager services after executing the above command.
- After this nm.log shows that the configuration change has the desired effect for the node certificate as follows:
--------------
security.trust.CertUtil:     Signature Algorithm : SHA256withRSA
--------------

This article describes how to upgrade a TIBCO Spotfire Node Manager's certificate hashing algorithm from SHA-1 to SHA-2.

• set-config-prop command, TIBCO Spotfire Server and Environment - Installation and Administration manual 
  • https://docs.tibco.com/pub/spotfire_server/11.4.7/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/set-config-prop.html
• Standards and Algorithms, TIBCO Spotfire® Server and Environment Security manual
  • https://docs.tibco.com/pub/spotfire_server/11.4.7/doc/html/TIB_sfire_server_and_environment_security/servsecurity/topics/standards_and_algorithms.html