Hi,
AFAIk no, because TMG has been discontinued and the statement regarding CNG support in TMG is clear, as the product was in lifecycle:
This is not entierly correct. What's true is, that TMG doesn't support CNG, and this support will most likely not be added any more...however we fully support certificates which are issues by CryptoAPI. With CryptoAPI you can also generate certificates with SHA-2 Hash size 256.
- Proposed as answer by Anders Janson Friday, November 28, 2014 12:23 PM
Hi Philipp,
I can confirm that from the real world, I am currently working on deploying "SHA256" certificates to a number of TMG deployments.
As long as you create the cert request correctly, you'll be fine.
Hi Anders
Could you explain further please? I have a SHA256 cert for a 2008 R2 IIS Server which shows the full chain but installed on TMG it does not show the full chain so I get a chain incomplete error
thanks
I assume that you are talking about web publishing.
Regardless, you need to make sure that in the certificates snap-in for local computer on the TMG server that you can view the entire chain when you look at the certificate used for publishing. If not, then you don't have the root/intermediate certificates correctly installed. This has nothing to do with TMG whatsoever. The server where TMG is installed will not understand what is happening on another server.