Switch to SHA256 Soon
Gaurav Maniar
Founder specializing in IT Outsourcing, PKI, and Managed Security Solution at GavBit Private Limited
SSL uses several cryptography hash algorithms to create encrypted channel to secure communication between client and server. At initial level it was MD5 hash algorithm that was being used for encryption channel. Time moves and hacker found serious security related issues with MD5 as it was easily reversible. As preventive measure and to make internet more secure Certificate Authorities have been disallowed to issue MD5 hash algorithm signed SSL Certificates. This had been discovered in December 2008 by the group of hackers. They had used a weakness in the MD5 signatures algorithm to make fake SSL certificate.
After this incident Certificate Authorities had switched their SSL Certificate to SHA1 Algorithm. It has been 7 years that Certificate Authorities using SHA1 to Signed and issue certificate. But as The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be. It was found that it was cheaper and affordable to crack SHA-1 algorithm that is used by still many websites are using SHA-1 Signed SSL Certificate.
Many website have to contact their certificate authority (CA) to get their certificate reissued to with SHA256 Algorithm. Please note that if your Certificate Authority still uses SHA-1 in their Intermediate or Root SSL Certificate you will get error message. Please check following screenshot for the same:
World's one of the most popular browser Chrome has already started process to sun-setting SHA-1 (as used in certificate signatures for HTTPS) HTTPS websites whose certificate chains use SHA-1 with displaying minor error. However, Google Chrome minor error for sun-setting SHA-1 is the clear display that SHA1 is unsecure for SSL Certificate.
SHA-1's use on the Internet has been deprecated since 2011, when the CA/Browser Forum, an industry group of leading web browsers and certificate authorities (CAs) are working together to establish basic security requirements for SSL certificates.
There are many tools available in on Internet to identify the issue regarding SHA1 Signed SSL certificate. You can always use them to check how much secure your SSL Certificate is and it will help you.
SHA Checker - https://www.shachecker.com/
SSL Labs - https://www.ssllabs.com/ssltest/
SSL is for security of your customers or website visitors and it is always better to keep your security up to date to make sure that your website visitors won't feel insecure on your website and keep faith in your site to do online transaction.
It is always better to contact someone who has experience and expertise. The experience person will help you to choose right kind of SSL certificate. Please check out my website for more about SSL Certificate benefits and what SSL Certificate is best for you. You can always contact me on [email protected]