Industry shift to new password hashing algorithm will affect all SSL certificates: you need to act now.

Locks_squareThe browser industry has announced that it will soon cease to recognize digital certificates that use the SHA-1 password hashing algorithm as secure. Certificate providers such as TrustedSecure (Comodo) and Symantec are now issuing certificates with the new, stronger SHA-2 algorithm, which will soon become the default. CSC is pleased to offer free reissuance of certificates to its SSL customers.

What this means for website owners is that in the coming months, browsers such as Mozilla, Chrome and Internet Explorer will begin to display security warnings when they visit websites with the soon-to-be-obsolete SHA-1 certificates.

So as best practice, you should have existing certificates reissued with SHA-2 hashing as soon as possible, and request that all new certificates have SHA-2. (It’s important to note that not all servers support SHA-2 algorithms. You should check your server documentation or with your IT department to confirm whether SHA-2 is supported.) SHA-1 certificates will only be available for purchase up to December 31, 2014.

The table below summarizes the timetable for phasing out SHA-1.

Effective Date Certificate Expiration Date Message
Sep 2014 Jan 1, 2017 or later Chrome warning: “secure, but with minor errors”; displays lock with yellow triangle.
Jan 1, 2016 or later TrustedSecure will only issue SHA-2 certificates.Symantec recommends reissue of SHA-1 to SHA-2.
Q3-4 2014 Jan 1, 2017 or later Mozilla (Firefox) will start rejecting SHA-1 SSL certificates.
Nov 2014 June 1, 2016-December 31, 2016 Chrome warning: “secure, but with minor errors”; displays lock with yellow triangle.
Jan 1, 2017 or later Chrome warning: “neutral, lacking security”, and will display a blank page (no lock).
Q1 2015 June 1, 2016-December 31, 2016 Chrome warning: “secure, but with minor errors”; displays lock with yellow triangle.
Jan 1, 2017 or later Chrome warning: “affirmatively insecure”; displays a lock with a red X
Jan 2016 Any Microsoft will cease to trust code signing certificates with SHA-1
Jan 2017 Any Microsoft will cease to trust digital certificates with SHA-1
Urgent checks needed on digital certificates
Tagged on: