Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

9/17/2014
11:00 AM
Dark Reading
Dark Reading
Products and Releases
100%
0%

DigiCert Releases Tool to Simplify SHA-2 Migration for System Administrators

Google's new policy to show warnings in the Chrome browser for SHA-1 certificates as early as this November makes migration to SHA-2 a high priority for website operators

LEHI, UT (Sept. 17, 2014) — DigiCert, Inc., a leading global Certificate Authority and provider of trusted identity and authentication services, today released a free tool which helps system administrators analyze their use of SHA-1 hashing algorithms across all domains and subdomains—and map out a path for SHA-2 migration. Google’s Aug. 19 announcement that it would accelerate deprecation of SHA-1 certificates, including giving untrusted warnings to sites with SHA-1 certificates that expire in 2016, makes it necessary for many administrators to migrate to SHA-2 by as early as November or risk their customers receiving downgraded trust indicators in Chrome.

Using the DigiCert® SHA-1 Sunset Tool, administrators can determine validity periods for their SHA-1 SSL certificates and receive information about how Google’s new policy will affect user interaction with these certificates. DigiCert issues new certificates with SHA-2 by default and has done so for nearly a year. For those choosing to migrate their existing SHA-1 to a new DigiCert-issued SHA-2 certificate, DigiCert will provide a free replacement matching the length of the existing certificate licensing term, regardless of whether or not they are a DigiCert customer.

“With the busy holiday shopping season nearing and the threat of a downgraded user trust experience looming for Chrome users, DigiCert is taking extra steps to help ease the burden of accelerated SHA-2 migration timelines for administrators,” said DigiCert CEO Nicholas Hales. “Our new SHA-1 Sunset Tool saves time and effort by providing a comprehensive analysis of an organization’s certificate landscape, including where SHA-1 certificates exist, which software and hardware support SHA-2, and a review of how Google’s new timelines may affect any given site. We also understand that SHA-2 migration involves costly system and device upgrades for organizations and so we’re offering to match for free the remaining term of any existing SHA-1 certificate that is converted to SHA-2.”

Some key timelines are important to keep in mind regarding Google’s SHA-1 deprecation:

·         November 2014 - SHA-1 SSL Certificates expiring any time in 2017 will show a warning in Chrome.

·         December 2014 - SHA-1 SSL Certificates expiring after June 1, 2016 will show a warning in Chrome.

·         Q1 2015 - SHA-1 SSL Certificates expiring any time in 2016 will show a warning in Chrome.

Additionally, Microsoft has announced the following SHA-1 deprecation timelines:

·         January 1, 2016 - Certificate Authorities must stop issuing new SHA-1 SSL and Code Signing Certificates. Microsoft will stop trusting SHA-1 Code Signing Certificates without time stamps.

·         January 1, 2017 - Microsoft will stop trusting SHA-1 SSL Certificates.

In addition to receiving a full report of their current SHA-1 deployment across all domains via the SHA-1 Sunset Tool, administrators can take advantage of other DigiCert tools and features to optimize their certificate deployment. DigiCert customers can use a built-in feature to their customer accounts to monitor SHA-2 migrations as they take place, in real-time, using the SHA-1 Sunset Tool. They also can use their account to issue new certificates and benefit from free reissues at any time. Non-DigiCert customers can access the DigiCert Certificate Inspector to review real-time SSL certificate and endpoint deployment across internal and external networks and identify areas for improvement, including flagging SHA-1 certificates and expiration dates.

DigiCert provides leading products and customer support for today’s increasingly connected world, enabling organizations to authenticate their digital identities and encrypt the data that they and their customers share online. Combining personal, timely and knowledgeable customer service with intuitive certificate management tools, DigiCert provides a five-star experience to organizations looking to optimize their security in an efficient and effective manner. As a result, DigiCert continues to attract the business of the world’s leading brands, including five of the U.S. Alexa Top 6. DigiCert also works with SMBs, manufacturers, healthcare organizations, and channel and software integration providers to help them secure information in-transit. This includes being the go-to partner for emerging markets such as the Internet of Things, Wi-Fi security and Directed Exchange of healthcare information.

To learn more about how upcoming SHA-1 deprecation timelines will affect certificate users, and to begin using the free SHA-2 migration tool, visit https://www.digicert.com/sha1-sunset/. Also, DigiCert has compiled a list of hardware and software supporting SHA-2 here: https://www.digicert.com/sha-2-compatibility.htm.

Read more details at DigiCert’s blog: https://blog.digicert.com/what-is-sha-2-and-how-it-affects-you.   

About DigiCert, Inc.

DigiCert is a premier, trusted provider of enterprise security solutions with an emphasis on authentication and encryption via managed PKI and high-assurance digital certificates. Headquartered in Lehi, Utah, DigiCert is trusted by more than 80,000 of the world’s leading government, finance, healthcare, education and Fortune 500® organizations. DigiCert has been recognized with dozens of awards for providing enhanced customer value, premium customer service and market growth leadership. For the latest DigiCert news and updates, visit digicert.com, like DigiCert on Facebook® or follow Twitter® handle @digicert.

# # #

 

PRESS CONTACT

Jeff Chandler

DigiCert, Inc.

P: (801) 701-9653

M: (385) 225-1207

[email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17666
PUBLISHED: 2019-10-17
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
CVE-2019-17607
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
CVE-2019-17608
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
CVE-2019-17609
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
CVE-2019-17610
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.