E-Commerce Solutions

The next steps in transitioning your certificates to the stronger SHA-2 hashing algorithm.

This informational note follows on from our initial discussion of the transition to SHA-2.

Since Microsoft first published their timescale for discontinuing the use of SHA-1 for SSL and code-signing certificates, there have been announcements from other browser authors about their plans. These other announcements have increased the urgency with which action must be taken.

This note sets out the measures that Comodo has already taken, as well as further measures that we will be taking shortly, to ensure that all certificates which we issue for your customers will remain useful in the long term.

Comodo's SHA-2 transition plan

September 8, 2014

Comodo continue to offer a free certificate re-issuance program for SSL.

All existing SSL customers can have their SHA-1 SSL certificate replaced with an SHA-2 equivalent by logging into their account, locating the certificate order and using the existing 'Replace Certificate' facility.

September 8, 2014

Comodo will issue SHA-2 certificates by default.

We provide options at the point of sale to allow customers to elect to receive an SHA-1 certificate if they have a particular need of an SHA-1 certificate. If customers do not explicitly select SHA-1, they will receive an SHA-2 certificate where possible.

September 22, 2014

Comodo will support only SHA-2 for any SSL certificate issued after 22nd September which expires after 2016.

Comodo will support only SHA-2 for any Code-signing certificate issued after 22nd September which expires after 2015.

January 1, 2016

Comodo will no longer issue any SHA-1 based code signing or SSL certificates.

Why is this change being made?

SHA-1 and SHA-2 are cryptographic 'Hash' algorithms. They are used as one of the algorithms in the digital signatures that make certificates work.

Over time, cryptographic algorithms become relatively weaker as they are degraded by potential attacks through both the availability of increasingly powerful computers and advanced cryptanalysis.

Older hash algorithms such as MD2, MD4 and MD5 have already been discontinued since they are not adequately secure against realistic threats today. Now SHA-1 is going the same way.

Why is this change being made NOW?

The end has been in sight for SHA-1 for a long time. NIST have been directing the use of SHA-2 for some time. The recent announcements have crystalized actual dates when support for SHA-1 will be removed from mainstream operating systems and browsers.

Why should you care?

Unless you ensure you certificates are SHA-2 compliant by the deadlines listed, your customers may begin to see a degraded UI in their browsers. We recommend you get an SHA-2 based replacement certificate using the 'Replace Certificate' feature as soon as convenient.

The move to SHA-2 is part of a continued effort by CA's and browser vendors to ensure that the encryption standards in use at any point in time are at least 10 years ahead of the most advanced cryptanalysis techniques. SHA-1 will be de-supported altogether by mainstream platforms that you care about before 2017.

But does anything still need SHA-1?

Microsoft Windows XP SP2 and below does not support SHA-2.

Many unlicensed copies of Microsoft Windows use this old version (XP SP2) because Microsoft's license enforcement program (Windows Genuine Advantage) was not introduced until SP3.

There is one estimate of the breakdown of systems incapable of using SHA-1 here.

There is a full list of operating systems, browsers and servers which support SHA-2 on the CA Security Council website here

Can you still get an SHA-1 certificate if you need it?

For the moment, yes.

Until January 1, 2015, if you choose 'SHA-1' at the point of sale we will issue an SHA-1 certificate for one year.

From January 1, 2015 through December 2015 we will issue SHA-1 SSL certificates for up to one year, but you will see a warning at the point of purchase that any site using this certificate will receive a degraded user-interface in Google's Chrome browser.

What if you already have an SHA-1 certificate that expires in or after 2016?

You will always be able to get a free replacement SHA-2 certificate from Comodo.

We will shortly be reaching out to customers using longer-lived SHA-1 certificates that were issued either long before these announcements were made or just before we implemented these policy changes and helping them to get a replacement SHA-2 certificate.

Announcements of removal or restriction of SHA-1 support

Microsoft: The following, italicized, text was taken from http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0.aspx on March 5th 2014.

There will be separate time-lines for discontinuing SHA1-based SSL and code signing certificates.

  • CAs must stop issuing new SHA1 SSL and Code Signing certificates by 1 January 2016.
  • For SSL certificates, Windows will stop accepting SHA1 certificates by 1 January 2017. This means any SHA1 SSL certificates issued before or after this announcement must be replaced with a SHA2 equivalent by 1 January 2017.
  • For code signing certificates, Windows will stop accepting SHA1 signed code and SHA1 certificates that are time stamped after 1 January 2016. SHA1 signed code time stamped by an RFC 3161 Time Stamp Authority before 1 January 2016 will be accepted until such time when Microsoft decides SHA1 is vulnerable to pre-image attack.

© 2014 Microsoft Corporation. All rights reserved.

Google: http://googleonlinesecurity.blogspot.co.uk/2014/09/gradually-sunsetting-sha-1.html

Mozilla (FireFox): “stop accepting SHA-1-based SSL certificates with notBefore >= 2014-03-01 and notAfter >= 2017-01-01, or any SHA-1-based SSL certificates after 2017-01-01”