SHA-1 Deprecation

Document created by Mark_Hanson Employee on Dec 19, 2016
Version 1Show Document
  • View in full screen mode

In early 2017, Google and other browser vendors are planning on deprecating support for SHA-1 certificates. This has potential to introduce new warnings or impact to legacy and current products using SHA-1 certificates.


For more information, please review the following resources:


Google (SHA-1 Certificates in Chrome)

Timeframe: Jan-March 2017

Chrome will have an optional policy setting to allow trust of SHA-1


Mozilla (Phasing Out SHA-1 on the Public Web)

Timeframe: January 2017

Firefox will show an overridable "Untrusted Connection" error


Microsoft (Windows Enforcement of SHA-1 Certificates)

Timeframe: February 2017

"There will be no impact for roots that are not included in Microsoft Trusted Root Program, such as enterprise or self-signed roots that you’ve chosen to trust"



We encourage everyone to secure their systems as a matter of priority.


Thank you,


CA Workload Automation Team