Executive Summary

The use of the signing algorithm has been deprecated in favor of the newer and more secure SHA-2 algorithm.

Google’s announcement on Sept 5th 2014 accelerated the timeline for browser checking of SHA-1 in web server SSL certificates so that Chrome will display security notices where SHA-1 is encountered. This will incur negative user experience effects for website visitors where the SSL certificate is using SHA-1.

As of 8 September 2015, Comodo (Sectigo) will issue SHA-2 certificates by default.

Actions required. Depending on the expiration dates, customers are advised to replace existing SHA-1 certificates with SHA-2 based certificates. Please see the Important Dates section below, paying particular attention to the Google Chrome timeline.

New certificates issued by Comodo after Monday Sept 22nd, 2015 will be signed with a SHA-2 base intermediate certificate. This intermediate certificate needs to be present in the keystore of the web server.

Customers need to ensure they install the entire certificate chain, including intermediary certificates, and not just the end-entity server certificate. This is best practice for installing any SSL certificate.

Comodo's SHA-2 transition plan

September 8, 2014	Comodo continues to offer a free certificate re-issuance program for SSL. All existing SSL customers can have their SHA-1 SSL certificate replaced with an SHA-2 equivalent by logging into their account, locating the certificate order and using the existing 'Replace Certificate' facility.
September 8, 2014	Comodo will issue SHA-2 certificates by default. We provide options at the point of sale to allow customers to elect to receive an SHA-1 certificate if they have a particular need of an SHA-1 certificate. If customers do not explicitly select SHA-1, they will receive an SHA-2 certificate where possible.
September 22, 2014	Comodo will support only SHA-2 for any SSL certificate issued after 22nd September which expires after 2016. Comodo will support only SHA-2 for any Code-signing certificate issued after 22nd September which expires after 2015.
January 1, 2016	Comodo will no longer issue any SHA-1 based code signing or SSL certificates.

Why has this change being made?

SHA-1 and SHA-2 are cryptographic 'Hash' algorithms. They are used as one of the algorithms in the digital signatures that make certificates work.

Over time, cryptographic algorithms become relatively weaker as they are degraded by potential attacks through both the availability of increasingly powerful computers and advanced cryptanalysis.

Older hash algorithms such as MD2, MD4 and MD5 have already been discontinued since they are not adequately secure against realistic threats today. Now SHA-1 is going the same way.

Important Dates

• January 1 2016 - Microsoft products, including Internet Explorer and Chrome, will cease to trust SHA-1 code signing certificates
  
• January 1 2017 – Microsoft products will cease to trust SHA-1 website SSL certificates (end entity and intermediate)
  
• November 2014 – Google Chrome 39 will show a yellow triangle over the padlock (‘secure, but with minor errors’) for SHA-1 certificates that expire on or after 1 January 2017
  
• Q1 2014 – Chrome 40 will continue to show the yellow triangle over the padlock for SHA-1 certs that expire between 1 June 2016 and 31 December 2016. However, Chrome will show the ‘neutral, lacking security’ icon for SHA-1 certificates that expire after 1 January 2017. The ‘neutral’ icon is the ‘blank page’ icon seen if you visit a http page. There will be no padlock.
  
• Q1 2015 – Chrome 41 will show the yellow triangle over the padlock for SHA-1 certs that expire between 1 January 2016 and 31 December 2016. SHA-1 certificates that expire after 1 January 2017 will be treated as ‘affirmatively insecure’ for SHA-1 certificate The ‘affirmatively insecure’ display is a padlock with a red ‘X’ overlaid, and ‘https’ will be shown in red, struck-through text in the address bar.

More details are available at:

• https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000zFKE
• https://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-sha1-certificates.aspx

Why was this change made NOW?
The end has been in sight for SHA-1 for a long time. NIST have been directing the use of SHA-2 for some time. The recent announcements have crystallized actual dates when support for SHA-1 will be removed from mainstream operating systems and browsers.

Why should you care?
Unless you ensure you certificates are SHA-2 compliant by the deadlines listed, your customers may begin to see a degraded UI in their browsers. We recommend you get an SHA-2 based replacement certificate as soon as convenient.

The move to SHA-2 is part of a continued effort by CA's and browser vendors to ensure that the encryption standards in use at any point in time are at least 10 years ahead of the most advanced cryptanalysis techniques. SHA-1 will be de-supported altogether by mainstream platforms that you care about before 2017.

But does anything still need SHA-1?
Microsoft Windows XP SP2 and below does not support SHA-2. Many unlicensed copies of Microsoft Windows use this old version (XP SP2) because Microsoft's license enforcement program (Windows Genuine Advantage) was not introduced until SP3.

There is one estimate of the breakdown of systems incapable of using SHA-1 here.

There is a full list of operating systems, browsers and servers which support SHA-2 on the CA Security Council website here

What if you already have an SHA-1 certificate that expires in or after 2016?
You will always be able to get a free replacement SHA-2 certificate from Sectigo.

How to identify SHA-1 certificates using SCM
Please see the attached .pdf file

Announcements of removal or restriction of SHA-1 support
Microsoft. The following, italicized, text was taken from http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0.aspx on March 5th 2014.

There will be separate time-lines for discontinuing SHA1-based SSL and code signing certificates.

• CAs must stop issuing new SHA-1 SSL and Code Signing certificates by 1 January 2016.
• For SSL certificates, Windows will stop accepting SHA-1 certificates by 1 January 2017. This means any SHA-1 SSL certificates issued before or after this announcement must be replaced with a SHA-2 equivalent by 1 January 2017.
• For code signing certificates, Windows will stop accepting SHA-1 signed code and SHA1 certificates that are time stamped after 1 January 2016. SHA-1 signed code time stamped by an RFC 3161 Time Stamp Authority before 1 January 2016 will be accepted until such time when Microsoft decides SHA-1 is vulnerable to pre-image attack.

Google. Google’s plans for changing the UI of Chrome when a SHA-1 certificate is detected is outlined in their blog post here:
http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html

If you have any questions and/or issues, please contact Support: