SHA-1 replaced by SHA-2

As you may already have heard, SHA-1 is being phased out in favor of SHA-2.

Why, you ask?
The tech giants, namely Google, Microsoft and Firefox, have decided to stop supporting SHA-1 because of technical weaknesses that make it vulnerable to a collision attack.

Why does this affect you?
As the major browsers stop supporting SHA-1 certificates, whenever someone visits your site, your visitor will be shown an error message and will not be able to access the requested SSL page.

How can I check whether my certificate is SHA-1 or SHA-2?
You can check by visiting the site in your browser and viewing the certificate that the browser received. The details of how to do that can vary from browser to browser but generally if you click or right-click on the lock icon, there should be an option to view the certificate details.

In the list of certificate fields, look for one called “Certificate Signature Algorithm”. You should see either SHA-1 or SHA-2 within this line.

There is also a great testing tool on this site:
https://www.sha2sslchecker.com/

What if my site is running a SHA-1 SSL certificate?
Contact your SSL issuer for specific instructions on how to upgrade your cert.
This should not cost you any money to do. If they try to charge you, it may be time to find a new SSL vendor.
