We need to update our Azure Cloud service with a brand new cert.
The one I have been given specifies sha256 as the signature hash algorithm.
We previously had one with sha1.
When I tried to update and package the Azure deployment, the error I get states that the thumbprint is not valid.
Error 8 The XML specification is not valid: The 'thumbprint' attribute is invalid - The value 'REDACTED' is invalid according to its datatype 'http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration:ThumbprintType' - The Pattern constraint failed.
In the ServiceConfiguration.Cloud.cscfg file, the XML looks like this:
<Certificates>
  <Certificate name="cert" thumbprint="REDACTED" thumbprintAlgorithm="sha1" />
</Certificates>
with the thumbprint attribute squiggly lined as per the error above.
I've tried thumbprintAlgorithm=256, but this didn't work, presumably not a valid value.
Does it need to be sha1? Can Azure support sha256?
EDIT:
I found the following in the service definition schema, which indicates sha256 is allowed:
<xs:attribute name="thumbprintAlgorithm" type="ThumbprintAlgorithmTypes" use="required">
  <xs:annotation>
    <xs:documentation>
      The hash algorithm that generates a digest of data (or thumbprint)
      for digital signatures such as MD5, SHA1, SHA256. This is different than
      the algorithm used in creating the signature inside the certificate.
    </xs:documentation>
  </xs:annotation>
</xs:attribute>
However, the only type value allowed by the schema is sha1, as follows:
<xs:simpleType name="ThumbprintAlgorithmTypes">
  <xs:restriction base="xs:string">
    <xs:enumeration value="sha1">
      <xs:annotation>
        <xs:documentation>
          Algorithm currently used in certmgr.msc to display thumbprint.
        </xs:documentation>
      </xs:annotation>
    </xs:enumeration>
  </xs:restriction>
</xs:simpleType>
Any ideas? Googling sha256 and that XML node is not getting me far.
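An added example, not part of the original post: a Python check that reads the Certificate elements of a .cscfg file and reports thumbprint values that are not clean hex of the length the declared thumbprintAlgorithm produces, naming each offending character so that invisible ones become visible. It assumes a thumbprint is the hex encoding of the digest (40 digits for sha1); the sample configuration, the certificate names and the thumbprint values are constructed, and `check_thumbprints` and `describe` are hypothetical helper names.

```python
import unicodedata
import xml.etree.ElementTree as ET

# Assumption: a thumbprint is the hex encoding of the digest, so its length
# follows from the algorithm (SHA-1 = 160 bits = 40 hex digits).
HEX_LENGTH = {"sha1": 40}
HEX_DIGITS = set("0123456789abcdefABCDEF")

# Constructed sample: made-up thumbprints, not real certificates. "hidden"
# carries an invisible U+200E before the digits; "short" is truncated.
SAMPLE_CSCFG = """<ServiceConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="WebRole1">
    <Certificates>
      <Certificate name="good" thumbprint="00112233445566778899AABBCCDDEEFF00112233" thumbprintAlgorithm="sha1" />
      <Certificate name="hidden" thumbprint="&#x200E;00112233445566778899AABBCCDDEEFF00112233" thumbprintAlgorithm="sha1" />
      <Certificate name="short" thumbprint="0011 2233" thumbprintAlgorithm="sha1" />
    </Certificates>
  </Role>
</ServiceConfiguration>"""


def describe(ch):
    """Name a character so that invisible ones show up in the report."""
    return "U+%04X %s" % (ord(ch), unicodedata.name(ch, "UNNAMED"))


def check_thumbprints(cscfg_text):
    """Return {certificate name: [problems]} for every Certificate element."""
    report = {}
    for el in ET.fromstring(cscfg_text).iter():
        # Match on the local name so the check works with or without xmlns.
        if el.tag.rsplit("}", 1)[-1] != "Certificate":
            continue
        value = el.get("thumbprint", "")
        algorithm = el.get("thumbprintAlgorithm", "")
        bad = [c for c in value if c not in HEX_DIGITS]
        problems = ["non-hex character " + describe(c) for c in dict.fromkeys(bad)]
        expected = HEX_LENGTH.get(algorithm)
        digits = len(value) - len(bad)
        if expected is None:
            problems.append("unsupported thumbprintAlgorithm %r" % algorithm)
        elif digits != expected:
            problems.append("expected %d hex digits, found %d" % (expected, digits))
        report[el.get("name")] = problems
    return report


if __name__ == "__main__":
    for name, problems in check_thumbprints(SAMPLE_CSCFG).items():
        print(name, "OK" if not problems else problems)
```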