skip to primary navigationskip to content
 

Phasing out of SHA-1-based certificates

Most web server certificates issued up to the middle of 2014 contained digital signatures based on the SHA-1 hash function. There have been concerns about the long-term security of SHA-1 for some time, and browser manufacturers and certification authorities plan to stop using it in favour of the newer SHA-2 function.

Background

Microsoft and Mozilla have announced that they will drop support for SHA-1 in their browsers from the end of 2016. However, in September 2014 Google announced a more radical plan to reduce support for SHA-1 in Chrome from the following November.

Google's plans involve a complicated schedule for replacing the normal padlock 'security indicator' in the browser bar. This schedule depends on both the version of Chrome in use and the expiry date of the certificates concerned (there is a SHA-1 Certificate Test Page that will show how any particular web server will be affected by these changes):

  • Sites using certificates expiring before the end of 2015, or which already use the newer SHA-2 algorithm, will be unaffected. 
  • When accessing sites using SHA-1 certificated that expire during 2016 the security indicator will change to a warning symbol starting from Chrome 42 (due April 2015).
  • When accessing sites using SHA-1 certificates that expire after the end of June 2016, the security indicator changed to a warning symbol starting from Chrome 40 (released January 2015).
  • When accessing sites using SHA-1 certificates that expire after the end of 2016, the security indicator changed to a warning symbol starting in Chrome 39 (released November 2014), then to the icon used for unsecured pages in Chrome 40 (released January 2015), and then to an error indication in Chrome 42 (due April 2015).

See Google's original announcement for further details, and a subsequent announcement postponing some changes from Chrome 41 to Chrome 42. Google intend to start actively rejecting SHA-1 certificates from 2017.

SHA-2 certificates

To address all this, certificates based on the newer SHA-2 standard are needed. UIS has been working with its certificate supplier, Janet, who have in turn been working with their partners and industry providers, and all certificates issued by UIS' TLS Certificate Scheme since 10th October 2014 contain signatures that use the SHA-2 algorithm.

Significant exceptions

The vast majority of browsers and other SSL/TLS clients will work with SHA-2 certificates. Significant exceptions include:

  • Windows prior to XP SP3
  • Android prior to version 2.2
  • Clients using OpenSSL prior to version 0.9.8o.

There are numerous compatibility lists to be found on the web, for example this one from Globalsign.

In addition, the new Janet SHA-2 certificates use a new chain of intermediate certificates to link them to the trust root certificates present in browsers. When configuring web servers to use the new certificates, it is also necessary to configure them to use the new intermediate certificates by following the instructions that accompany the certificate or the instructions at Janet: Installation and deployment. Extra care is needed on web servers that need to support SHA-1 and SHA-2 certificates simultaneously.

Certificate replacement

Most certificates issued by the UIS TLS Certificate Scheme have a three year lifetime, so most certificates issued since 2013 will be affected in some way. In particular those issued between 1 January and 22 September 2014 will have expiry dates after the end of 2016 and need to be replaced. The SHA-1 Certificate Test Page will let you check how a particular server is affected.

UIS arranged with Janet to replace all SHA-1 certificates issued under the Janet scheme that expired after the end of 2016 automatically, at no cost to the University. In addition, certificates issued between 23 September and 9 October 2014 were given an expiry date of 31 December 2016 as an early response to this issue and these were also replaced.

This process started on 27 November 2014 and is now complete. Replacement certificates were emailed to the contact address supplied with the original application.

Certificates expiring during 2016 will remain valid until they expire, but sites using them are marked 'secure but with minor errors' by Chrome from version 40 (release January 2015). We don't currently plan to bulk-replace these, but are keeping the situation under review. Webmasters are welcome to apply for a replacement for one of these certificates if they feel doing so is appropriate for particular web sites and their audiences (for example it might be appropriate to replace such certificates on high-profile external-facing web sites but perhaps not necessary on internal sites with a small audience).

Last updated: March 2015.