Still running SCCM 2007 ? then make sure you are aware of this


A SHA-1 deprecation coming to Windows will affect Configuration Manager, especially 2007 which doesn’t support SHA-2 algorithms.

SHA-1 is a legacy cryptographic hash that many in the security community believe is no longer secure. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. Microsoft, in collaboration with other members of the industry, is working to phase out the SHA-1 protocol and to warn consumers of the possible risk when they encounter websites using the SHA-1 protocol.

Official Statement from Microsoft

Microsoft has recently posted official statements on how this change affects all supported releases:

  • ConfigMgr 2007
  • ConfigMgr 2012
  • Current Branch

ConfigMgr 2007:

ConfigMgr 2012:

Current Branch:

If you are running ConfigMgr 2007 + 3rd Party Trusted Root CA + Native Mode + SHA-1 certificates, then you will have problems and it’s time to consider upgrading (better late than never). Configuration Manager 2012 and onwards can handle SHA-2 no problem

cheers and thanks to Adam for the insights and heads-up


This entry was posted in ConfigMgr 2007, ConfigMgr 2012, sha-1, System Center Configuration Manager (Current Branch). Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.