SHA-1 Deprecation

Document created by Mark_Hanson Employee on Dec 19, 2016
Version 1Show Document
  • View in full screen mode

In early 2017, Google and other browser vendors are planning on deprecating support for SHA-1 certificates. This has potential to introduce new warnings or impact to legacy and current products using SHA-1 certificates.

 

For more information, please review the following resources:

 

Google (SHA-1 Certificates in Chrome)

Timeframe: Jan-March 2017

Chrome will have an optional policy setting to allow trust of SHA-1

 

Mozilla (Phasing Out SHA-1 on the Public Web)

Timeframe: January 2017

Firefox will show an overridable "Untrusted Connection" error

 

Microsoft (Windows Enforcement of SHA-1 Certificates)

Timeframe: February 2017

"There will be no impact for roots that are not included in Microsoft Trusted Root Program, such as enterprise or self-signed roots that you’ve chosen to trust"

 

 

We encourage everyone to secure their systems as a matter of priority.

 

Thank you,

 

CA Workload Automation Team

Attachments

    Outcomes