Werk #16762: check certificates: fix signature algorithm configuration

Component Checks & agents
Title check certificates: fix signature algorithm configuration
Date Apr 24, 2024
Level Trivial Change
Class Bug Fix
Compatibility Incompatible - Manual interaction might be required
Checkmk versions & editions
2.3.0b6 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

Upgrading from 2.3.0b4 to a later version could cause the Check Certificates settings for signature algorithms to load incorrectly due to missing choices in the old settings.

This werk ensures correct loading.

This work is incompatible because some old algorithms are no longer available. Old configurations are converted as follows:

rsa

  • sha224: RSA_WITH_SHA224
  • sha256: RSA_WITH_SHA256
  • sha384: RSA_WITH_SHA384
  • sha512: RSA_WITH_SHA512
  • sha3_224: RSA_WITH_SHA224
  • sha3_256: RSA_WITH_SHA256
  • sha3_384: RSA_WITH_SHA384
  • sha3_512: RSA_WITH_SHA512

ecdsa

  • sha224: ECDSA_WITH_SHA224
  • sha256: ECDSA_WITH_SHA256
  • sha384: ECDSA_WITH_SHA384
  • sha512: ECDSA_WITH_SHA512
  • sha3_224: ECDSA_WITH_SHA224
  • sha3_256: ECDSA_WITH_SHA256
  • sha3_384: ECDSA_WITH_SHA384
  • sha3_512: ECDSA_WITH_SHA512

rsassa_pss

Everything to RSASSA_PSS

ed25519

ED25519

dsa

  • sha224: DSA_WITH_SHA224
  • sha256: DSA_WITH_SHA256
  • sha384: DSA_WITH_SHA256
  • sha512: DSA_WITH_SHA256
  • sha3_224: DSA_WITH_SHA224
  • sha3_256: DSA_WITH_SHA256
  • sha3_384: DSA_WITH_SHA256
  • sha3_512: DSA_WITH_SHA256

To the list of all Werks