Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //


11:00 AM
Dark Reading
Dark Reading
Products and Releases

DigiCert Releases Tool to Simplify SHA-2 Migration for System Administrators

Google's new policy to show warnings in the Chrome browser for SHA-1 certificates as early as this November makes migration to SHA-2 a high priority for website operators

LEHI, UT (Sept. 17, 2014) — DigiCert, Inc., a leading global Certificate Authority and provider of trusted identity and authentication services, today released a free tool which helps system administrators analyze their use of SHA-1 hashing algorithms across all domains and subdomains—and map out a path for SHA-2 migration. Google’s Aug. 19 announcement that it would accelerate deprecation of SHA-1 certificates, including giving untrusted warnings to sites with SHA-1 certificates that expire in 2016, makes it necessary for many administrators to migrate to SHA-2 by as early as November or risk their customers receiving downgraded trust indicators in Chrome.

Using the DigiCert® SHA-1 Sunset Tool, administrators can determine validity periods for their SHA-1 SSL certificates and receive information about how Google’s new policy will affect user interaction with these certificates. DigiCert issues new certificates with SHA-2 by default and has done so for nearly a year. For those choosing to migrate their existing SHA-1 to a new DigiCert-issued SHA-2 certificate, DigiCert will provide a free replacement matching the length of the existing certificate licensing term, regardless of whether or not they are a DigiCert customer.

“With the busy holiday shopping season nearing and the threat of a downgraded user trust experience looming for Chrome users, DigiCert is taking extra steps to help ease the burden of accelerated SHA-2 migration timelines for administrators,” said DigiCert CEO Nicholas Hales. “Our new SHA-1 Sunset Tool saves time and effort by providing a comprehensive analysis of an organization’s certificate landscape, including where SHA-1 certificates exist, which software and hardware support SHA-2, and a review of how Google’s new timelines may affect any given site. We also understand that SHA-2 migration involves costly system and device upgrades for organizations and so we’re offering to match for free the remaining term of any existing SHA-1 certificate that is converted to SHA-2.”

Some key timelines are important to keep in mind regarding Google’s SHA-1 deprecation:

·         November 2014 - SHA-1 SSL Certificates expiring any time in 2017 will show a warning in Chrome.

·         December 2014 - SHA-1 SSL Certificates expiring after June 1, 2016 will show a warning in Chrome.

·         Q1 2015 - SHA-1 SSL Certificates expiring any time in 2016 will show a warning in Chrome.

Additionally, Microsoft has announced the following SHA-1 deprecation timelines:

·         January 1, 2016 - Certificate Authorities must stop issuing new SHA-1 SSL and Code Signing Certificates. Microsoft will stop trusting SHA-1 Code Signing Certificates without time stamps.

·         January 1, 2017 - Microsoft will stop trusting SHA-1 SSL Certificates.

In addition to receiving a full report of their current SHA-1 deployment across all domains via the SHA-1 Sunset Tool, administrators can take advantage of other DigiCert tools and features to optimize their certificate deployment. DigiCert customers can use a built-in feature to their customer accounts to monitor SHA-2 migrations as they take place, in real-time, using the SHA-1 Sunset Tool. They also can use their account to issue new certificates and benefit from free reissues at any time. Non-DigiCert customers can access the DigiCert Certificate Inspector to review real-time SSL certificate and endpoint deployment across internal and external networks and identify areas for improvement, including flagging SHA-1 certificates and expiration dates.

DigiCert provides leading products and customer support for today’s increasingly connected world, enabling organizations to authenticate their digital identities and encrypt the data that they and their customers share online. Combining personal, timely and knowledgeable customer service with intuitive certificate management tools, DigiCert provides a five-star experience to organizations looking to optimize their security in an efficient and effective manner. As a result, DigiCert continues to attract the business of the world’s leading brands, including five of the U.S. Alexa Top 6. DigiCert also works with SMBs, manufacturers, healthcare organizations, and channel and software integration providers to help them secure information in-transit. This includes being the go-to partner for emerging markets such as the Internet of Things, Wi-Fi security and Directed Exchange of healthcare information.

To learn more about how upcoming SHA-1 deprecation timelines will affect certificate users, and to begin using the free SHA-2 migration tool, visit https://www.digicert.com/sha1-sunset/. Also, DigiCert has compiled a list of hardware and software supporting SHA-2 here: https://www.digicert.com/sha-2-compatibility.htm.

Read more details at DigiCert’s blog: https://blog.digicert.com/what-is-sha-2-and-how-it-affects-you.   

About DigiCert, Inc.

DigiCert is a premier, trusted provider of enterprise security solutions with an emphasis on authentication and encryption via managed PKI and high-assurance digital certificates. Headquartered in Lehi, Utah, DigiCert is trusted by more than 80,000 of the world’s leading government, finance, healthcare, education and Fortune 500® organizations. DigiCert has been recognized with dozens of awards for providing enhanced customer value, premium customer service and market growth leadership. For the latest DigiCert news and updates, visit digicert.com, like DigiCert on Facebook® or follow Twitter® handle @digicert.

# # #



Jeff Chandler

DigiCert, Inc.

P: (801) 701-9653

M: (385) 225-1207

[email protected]

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-23
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph...
PUBLISHED: 2020-11-23
A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a...
PUBLISHED: 2020-11-23
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating sy...
PUBLISHED: 2020-11-23
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability...
PUBLISHED: 2020-11-23
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.