The certification authorities (CAs) have provided methods to have your certificates issued and signed using a SHA-2 hashing algorithm. As we move ahead, you will see the CAs changing the default signing algorithm from SHA-1 to SHA-2.
If you’re in the process of migrating from SHA-1 to SHA-2 certificates, you may be realizing what a massive undertaking it is to discover and replace all the certificates your organization uses and relies upon. For an in-depth breakdown of how to develop a successful transition to SHA-2, download “A Migration Guide to SHA-2 SSL Certificates: Avoiding pitfalls, meeting critical deadlines and eliminating service disruptions during SHA-1 certificate deprecation” by Entrust Datacard.
We have previously reviewed implementation of SHA-2, but with Bruce Schneier stating the need to migrate away from SHA-1 and the SHA-1 deprecation policy from Microsoft, the industry must start to make some progress in 2014.
U.S. NIST guidance counseled that SHA-1 should not be trusted past January 2014 for the higher level of assurance communications over the U.S. Federal Bridge PKI. Experts at Entrust Datacard cover the technical and business reasons you need to move to SHA-2.
If you have yet to migrate to SHA-2, check out Entrust Datacard’s SHA-2 Migration Guide. It will help you plan and execute a successful SHA-2 migration to avoid extra costs, eliminate service disruptions and ensure compliance.
The migration from SHA-1 to SHA-2 SSL certificates is not trivial and has the potential to cause major problems, particularly if the process is not carefully planned and all affected parties are not considered. Entrust Datacard helps you to navigate this transition smoothly to ensure nothing is overlooked; all technological implications are considered; technology is implemented properly; and people know what to do in the event issues arise.
Research indicates that SHA-1 signed SSL/TLS certificates face increasing vulnerabilities, forcing leading browsers to reconsider how long they will support this technology. This blog outlines dates around the phasing out of SHA-1.
On January 1, 2016, the public trust certification authorities (CAs) will stop issuing SHA-1 signed SSL/TLS certificates. The bottom line is SHA-1 is vulnerable. New studies have shown that the safety factor is decreasing. Continuing to issue SHA-1 signed certificates could compromise a CA or could compromise a legitimate website. Unfortunately for users of old browsers and operating systems, the servers must continue to move to SHA-2 signed certificates. These users should try to move to supported systems.