| Subtotal | $0.00 |
USD
U.S. DollarEuroBritish PoundCanadian DollarsAustralian DollarsIndian RupeesChina Yuan RMBMore Info →
We stand with our friends and colleagues in Ukraine. To support Ukraine in their time of need visit this page.
| Subtotal | $0.00 |
We stand with our friends and colleagues in Ukraine. To support Ukraine in their time of need visit this page.
Here is a basic logic to follow in relation to the SHA-1/SHA-2 situation:
1. If you have an active SSL Certificate - read on, if not - you’re probably not affected and can disregard the SHA-2 hassle.SHA-2 certificates require proper SHA-2 intermediate certificates. You can find a full list of CA bundles signed with SHA-2 algorithm here. Make sure to use these during SSL certificate installation to avoid browser errors in future.
Please note that Comodo (now Sectigo) is using both SHA-1 and SHA-2 Root certificates. There is no final ETA on when these roots will be fully migrated to SHA-2. However, at this point mentioned SHA-1 root certificates possess no security problems, as TLS clients trust them by their identity, rather than by the signature of their hash. At the same time, you can obtain the SHA-2 root for your certificate as well.
A signature algorithm is an essential part of SSL security and is one of the basic things that makes SSL certificates secure for different browsers, applications and software.
Some time ago the SHA-1 algorithm is the most popular and widely used algorithm. This algorithm replaced MD5 completely back in 2004, when MD5 was considered compromised and absolutely non-secure. Now, the same thing is being done for SHA-1; it's being replaced with the more secure SHA-2 algorithm.
Though SHA-1 is still considered to be secure to use for now, the Internet community and some major web companies such as Microsoft and Google already think the world should move to the better security provided by the SHA-2 algorithm in SSL certificates, to avoid any content spoofs or man-in-the-middle attacks. To ensure the transition will be as smooth as possible, we've decided to start right away.
Microsoft announced the necessity to consider moving to the SHA-2 algorithm back in November 2013. The process of algorithm transition was not very active until early September 2014, when Google informed the public that they were beginning to sunset SHA-1 for their products, starting with Google Chrome 39.
At this time, the biggest concern is for the certificate owners whose certificates expire after December 31, 2015. Starting January 1, 2016, certificates with SHA-1 are no longer issued and are eliminated from usage - they are considered non-secure in browsers and will return an error to the end user. The same goes for certificates that are signed with SHA-2 algorithm but have an SHA-1 intermediate certificate in the chain.
Starting November 6, 2014, Namecheap provides SHA-2 signed certificates by default.
Need help? We're always here for you.