ÃÛÌÒTV

Announcements 09-17-2014

What Is SHA-2 and How the SHA-1 Deprecation Affects You

ÃÛÌÒTV

SSL pulse currently reports thatÌýonlyÌý.

Microsoft announced last year that it would end trust for SHA-1 SSL Certificates after January 1, 2017 to address possible threats in the future.

Earlier this month, Google announced they would be adding warning indicators for sites using SHA-1 certificates expiring after December 31, 2017 in an upcoming version of Chrome to be released sometime in November 2014. Subsequent updates of Chrome would also warn visitors on sites using SHA-1 certificates expiring in 2016.

As your security partner, ÃÛÌÒTV has already made SHA-256 the default for all new SSL Certificates issued, and strongly recommends that all customers re-key their SHA-1 certificates to avoid possible Chrome browser warnings due to the accelerated Google timeline.

Simple Tools to Make SHA-1 Migration Easy

ÃÛÌÒTV strongly recommends that SHA-1 certificates be updated to SHA-256 as soon as possible to avoid any possible browser warning for end users.ÌýÃÛÌÒTV has two easy-to-use and free tools to make SHA-1 migration as easy as possible.

SHA-1 Tracker

TheÌýSHA-1 trackerÌýquickly gives administrators a list of all SHA-1 certificates they have on the Internet and lets them replace any SHA-1 certificates with a free ÃÛÌÒTV SHA-2 certificate to make the transition to SHA-2 easier.

Certificate Inspector

If you have SHA-1 certificates on your internal networks, you can use Certificate Inspector. Certificate Inspector is a cloud-basedÌýÌýplatformÌýthat quickly finds all certificates on an internal and external network, including SHA-1ÌýcertificatesÌýand makes it easy to migrate them to SHA-2.

SHA-256 Migration Options

To ensure compliance with the Google SHA-1 policy change, we've put together these 3 quick options for customers and non-customers to ensureÌýthat their sites remain secure.

  1. Re-key your certificate with SHA-2

    Most certificate providers allow for free re-keys of SSL Certificates. If you have a SHA-1 certificate, your provider should allow for you to generate a new SHA-256 certificate for free.

    All ÃÛÌÒTV certificates come with unlimited free re-keys. Although ÃÛÌÒTV issues SHA-2 certificates by default, those customers using SHA-1 certificates for backwards compatibility can update their certificates to SHA-2 by using the re-key option in their ÃÛÌÒTV account.

  2. Replace your SHA-1 certificate with a free SHA-2 certificate

    Waiting for a new certificate to be issued can be a painful process. But getting a new certificate shouldn't take days or weeks—ÃÛÌÒTV issues our fully verified and trusted certificates in a matter of minutes.

    To help you make the move as painless as possible, ÃÛÌÒTV is replacing any SHA-1 certificate issued by another Certificate Authority with an equivalent ÃÛÌÒTV SHA-256 certificate for free.ÌýTheÌýSHA-1 SunsetÌýtool identifies all SHA-1 certificates issued to your domain and makes it easy to upgrade to SHA-2 for free.

  3. Re-issue a SHA-1 certificate up to December 31, 2015

    Most platforms have already been updated to support SHA-2 though patches or hotfixes. For platforms that don’t yet support SHA-2, administrators can re-issue their SHA-1 certificate and set the expiration date to December 31, 2015. This allows you to keep your certificates in compliance with the new SHA-1 Google policy and avoid any browser warning for your site online.

    For a full list of SHA-2 platforms, see ourÌýSHA-2 compatibilityÌýpage.

    http://digicert.com/sha-2-compatibility.htmIf you need to continue using a SHA-1 certificate because of platform compatibility issues, ourÌý24-hour customer support teamÌýcan help extend your SHA-1 SSL Certificate to the maximum deadline for free.
UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-27-2024

6 actionable ways to secure the IIoT at every stage

Tracking the progress toward post-quantum cryptography

The state of PQC since the publication of FIPS 203, 204 and 205