SHA-1 Deprecation

In December 2015, commercial Certificate Authorities (CAs) stopped issuing SHA-1 SSL certificates to make way for the more secure SHA-2 hashing algorithm. All new certificates will use SHA-2, and expiring SHA-1 certificates will not be renewed. Support for SHA-1 certificates will end on January 1, 2017. Google, Microsoft, and Mozilla have already started announcing the change and their impending refusal to accept SHA-1 certificates.

Steps You Need to Take

You will need to upgrade to SHA-2 based SSL certificates before December 2016. Failure to do so may result in errors or failed transactions. These changes matter for security: certificate systems rely on newer hash algorithms to make forging certificate signatures harder. The faster computers get, the more vulnerable an algorithm is to collision attacks.

It’s important that organizations take the necessary steps for SHA-1 deprecation. Upgrade all current devices, apps, and systems using SSL certificates to SHA-2 as soon as possible, and by the end of this year at the latest. Legacy systems that don’t support SHA-2 should be replaced by ones that do.
