Google and Microsoft have both announced that they will be ending support for the SHA-1 hashing function used in a majority of SSL certificates online. More recently, however, Google announced that it was accelerating its SHA-1 deprecation plan. It is doing so by adding a warning in Chrome for websites that use SHA-1 SSL certificates that expire in 2016, and by no longer trusting websites that use SHA-1 certificates that expire after 2017.
Chrome version 39 is already displaying these warnings. Future releases of Chrome will intensify the warnings and shut off access to sites that continue to use SHA-1 certificates that are expiring beyond their most recent deadline. This is obviously a problem for website owners whose sites use SHA-1 certificates.
If you have a website with a SHA-1 certificate, what can you do?
You are left with little option other than upgrading to a SHA-2 certificate. Check with your provider for your upgrade options, and make sure the new certificate complies with the new guidelines so that it does not trigger a browser warning and your efforts do not go to waste. Be aware that SHA-2 certificates require the full certificate chain to be SHA-2 compatible. Some providers might still issue from a SHA-1 certificate chain, which will still cause the security warning.
What if your website doesn’t support the upgrade?
Most platforms have already been updated to support SHA-2 through patches and “hot fixes”. However, for platforms that don’t support SHA-2 just yet, administrators can re-issue their SHA-1 certificate and set the expiration date to December 31, 2015. This will keep your certificate in compliance with the new Google policy and prevent any browser warnings.
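To check a chain for the problem described above (a SHA-2 certificate issued from a SHA-1 chain), the following added example, which is not part of the original article, parses the text that `openssl x509 -noout -text` prints for each certificate the server sends and lists any SHA-1 signed certificate that expires after December 31, 2015. The sample chain, its names and dates, and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Cut-off taken from the article: SHA-1 certificates expiring after this date draw warnings.
SHA1_CUTOFF = datetime(2015, 12, 31, 23, 59, 59)

# Constructed sample in the layout printed by `openssl x509 -noout -text`
# (leaf first, then its intermediate; all names and dates are made up).
SAMPLE_CHAIN = """\
Certificate:
    Data:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Example Intermediate CA
        Validity
            Not Before: Nov  1 00:00:00 2014 GMT
            Not After : Nov  1 23:59:59 2016 GMT
        Subject: CN=www.example.test
    Signature Algorithm: sha256WithRSAEncryption
Certificate:
    Data:
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=Example Root CA
        Validity
            Not Before: Jan  1 00:00:00 2010 GMT
            Not After : Jan  1 23:59:59 2020 GMT
        Subject: CN=Example Intermediate CA
    Signature Algorithm: sha1WithRSAEncryption
"""

def parse_chain(text):
    """Return one dict per certificate: subject, signature algorithm, expiry."""
    certs = []
    for block in re.split(r"^Certificate:\s*$", text, flags=re.M)[1:]:
        sig = re.search(r"Signature Algorithm:\s*(\S+)", block).group(1)
        subject = re.search(r"Subject:\s*(.+)", block).group(1).strip()
        not_after = re.search(r"Not After\s*:\s*(.+?)\s*GMT", block).group(1)
        expires = datetime.strptime(not_after, "%b %d %H:%M:%S %Y")
        certs.append({"subject": subject, "sig_alg": sig, "expires": expires})
    return certs

def sha1_problems(text, cutoff=SHA1_CUTOFF):
    """List certificates that are SHA-1 signed and expire after the cutoff."""
    return [c for c in parse_chain(text)
            if "sha1" in c["sig_alg"].lower() and c["expires"] > cutoff]

if __name__ == "__main__":
    for cert in sha1_problems(SAMPLE_CHAIN):
        print(f"SHA-1 in chain: {cert['subject']} ({cert['sig_alg']}, expires {cert['expires']:%Y-%m-%d})")
```

On the sample, the leaf passes because it is SHA-256 signed, while the intermediate it was issued from is flagged.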
Want to get your SSL certificate sorted? Talk to us at YHP. We specialise in SSL certificates and can help you get yours updated to be in line with the new rules.