Dark Reading

DigiCert Releases Tool to Simplify SHA-2 Migration for System Administrators

Google's new policy to show warnings in the Chrome browser for SHA-1 certificates as early as this November makes migration to SHA-2 a high priority for website operators

LEHI, UT (Sept. 17, 2014) — DigiCert, Inc., a leading global Certificate Authority and provider of trusted identity and authentication services, today released a free tool which helps system administrators analyze their use of SHA-1 hashing algorithms across all domains and subdomains—and map out a path for SHA-2 migration. Google’s Aug. 19 announcement that it would accelerate deprecation of SHA-1 certificates, including giving untrusted warnings to sites with SHA-1 certificates that expire in 2016, makes it necessary for many administrators to migrate to SHA-2 by as early as November or risk their customers receiving downgraded trust indicators in Chrome.

Using the DigiCert® SHA-1 Sunset Tool, administrators can determine validity periods for their SHA-1 SSL certificates and receive information about how Google’s new policy will affect user interaction with these certificates. DigiCert issues new certificates with SHA-2 by default and has done so for nearly a year. For those choosing to migrate their existing SHA-1 certificate to a new DigiCert-issued SHA-2 certificate, DigiCert will provide a free replacement matching the length of the existing certificate licensing term, regardless of whether or not they are a DigiCert customer.

“With the busy holiday shopping season nearing and the threat of a downgraded user trust experience looming for Chrome users, DigiCert is taking extra steps to help ease the burden of accelerated SHA-2 migration timelines for administrators,” said DigiCert CEO Nicholas Hales. “Our new SHA-1 Sunset Tool saves time and effort by providing a comprehensive analysis of an organization’s certificate landscape, including where SHA-1 certificates exist, which software and hardware support SHA-2, and a review of how Google’s new timelines may affect any given site. We also understand that SHA-2 migration involves costly system and device upgrades for organizations and so we’re offering to match for free the remaining term of any existing SHA-1 certificate that is converted to SHA-2.”

Some key timelines are important to keep in mind regarding Google’s SHA-1 deprecation:

· November 2014 - SHA-1 SSL Certificates expiring any time in 2017 will show a warning in Chrome.

· December 2014 - SHA-1 SSL Certificates expiring after June 1, 2016 will show a warning in Chrome.

· Q1 2015 - SHA-1 SSL Certificates expiring any time in 2016 will show a warning in Chrome.

Additionally, Microsoft has announced the following SHA-1 deprecation timelines:

· January 1, 2016 - Certificate Authorities must stop issuing new SHA-1 SSL and Code Signing Certificates. Microsoft will stop trusting SHA-1 Code Signing Certificates without time stamps.

· January 1, 2017 - Microsoft will stop trusting SHA-1 SSL Certificates.

In addition to receiving a full report of their current SHA-1 deployment across all domains via the SHA-1 Sunset Tool, administrators can take advantage of other DigiCert tools and features to optimize their certificate deployment. DigiCert customers can use a feature built into their customer accounts to monitor SHA-2 migrations as they take place, in real time, using the SHA-1 Sunset Tool. They can also use their account to issue new certificates and benefit from free reissues at any time. Non-DigiCert customers can access the DigiCert Certificate Inspector to review real-time SSL certificate and endpoint deployment across internal and external networks and identify areas for improvement, including flagging SHA-1 certificates and expiration dates.

DigiCert provides leading products and customer support for today’s increasingly connected world, enabling organizations to authenticate their digital identities and encrypt the data that they and their customers share online. Combining personal, timely and knowledgeable customer service with intuitive certificate management tools, DigiCert provides a five-star experience to organizations looking to optimize their security in an efficient and effective manner. As a result, DigiCert continues to attract the business of the world’s leading brands, including five of the U.S. Alexa Top 6. DigiCert also works with SMBs, manufacturers, healthcare organizations, and channel and software integration providers to help them secure information in-transit. This includes being the go-to partner for emerging markets such as the Internet of Things, Wi-Fi security and Directed Exchange of healthcare information.

To learn more about how upcoming SHA-1 deprecation timelines will affect certificate users, and to begin using the free SHA-2 migration tool, visit https://www.digicert.com/sha1-sunset/. Also, DigiCert has compiled a list of hardware and software supporting SHA-2 here: https://www.digicert.com/sha-2-compatibility.htm.

Read more details at DigiCert’s blog: https://blog.digicert.com/what-is-sha-2-and-how-it-affects-you.   

About DigiCert, Inc.

DigiCert is a premier, trusted provider of enterprise security solutions with an emphasis on authentication and encryption via managed PKI and high-assurance digital certificates. Headquartered in Lehi, Utah, DigiCert is trusted by more than 80,000 of the world’s leading government, finance, healthcare, education and Fortune 500® organizations. DigiCert has been recognized with dozens of awards for providing enhanced customer value, premium customer service and market growth leadership. For the latest DigiCert news and updates, visit digicert.com, like DigiCert on Facebook® or follow Twitter® handle @digicert.

# # #



Jeff Chandler

DigiCert, Inc.

P: (801) 701-9653

M: (385) 225-1207

[email protected]
