How to Install Windows XP Hotfix KB 968730 for SHA2 Certificate Support
If you are using Windows XP and you need to obtain certificates from a Windows Server 2008-based certification authority (CA) that is configured to use SHA2 encryption, you may encounter some issues. For example, you may receive an error message that says \"Cannot find the requested object\" when you try to enroll for a certificate. This is because Windows XP does not support SHA2 hashing algorithms by default.
Fortunately, there is a hotfix available from Microsoft that can resolve this problem. The hotfix is KB 968730 and it adds support for SHA2 hashing algorithms (SHA256, SHA384, and SHA512) in the X.509 certificate validation process. This enables Windows XP clients to communicate with Windows Server 2008 CAs that use SHA2 encryption.
To install the hotfix, you need to have Windows XP Service Pack 3 (SP3) installed on your computer. You can download the hotfix from the Microsoft Support website[^2^]. The file name is WindowsXP-KB968730-x86-PTB.exe and it is about 1 MB in size. You can also contact Microsoft Customer Service and Support to obtain the hotfix if you prefer.
After you download the hotfix, double-click the file and follow the instructions on the screen. You may need to restart your computer after the installation is complete. Then, you should be able to obtain certificates from a Windows Server 2008-based CA that uses SHA2 encryption without any errors.
Note that this hotfix is intended to correct only the problem that is described in this article. It may not work for other issues that involve Windows Installer or certificate enrollment. If you have any questions or concerns, please contact Microsoft Customer Service and Support for further assistance.
Why do you need SHA2 encryption support SHA2 encryption is a family of cryptographic hash functions that are more secure and reliable than the older SHA1 encryption. SHA1 encryption has been found to have some weaknesses that make it vulnerable to attacks. For example, in 2017, researchers demonstrated that they could create two different PDF files that have the same SHA1 hash value. This is called a collision and it can compromise the integrity and authenticity of digital signatures and certificates.
SHA2 encryption does not have this problem because it uses longer and more complex hash values that are harder to manipulate. Therefore, many organizations and websites are switching to SHA2 encryption to protect their data and communications. For example, Google Chrome and Mozilla Firefox have stopped accepting SHA1 certificates since 2017. Microsoft has also announced that it will stop supporting SHA1 certificates in Windows by 2023.
Therefore, if you are using Windows XP and you need to access or interact with websites or services that use SHA2 encryption, you may encounter some compatibility issues. For example, you may not be able to view some web pages or download some files. You may also not be able to install or update some software or drivers. To avoid these problems, you need to install the hotfix KB 968730 that adds SHA2 encryption support to Windows XP. 061ffe29dd
💄 • Unlocking Beauty for All: Where Professionals and the Public are Welcome to our Store! •