
What is SHA and how does it affect my SSL certificate?

Secure Hash Algorithm (SHA) is a hash algorithm used in the signatures that validate identity during the SSL process. SHA calculates a consistent and practically unique value (the so-called "hash") each time it is used. Thanks to this hash function, if any part of the string is changed, the signature will fail to verify and the message will not be authenticated.

SHA-1 is slowly being phased out because there is a chance it will no longer be able to perform accurate identification due to its vulnerability to "collisions". A collision takes place when two different strings produce the same hash value; the result is a "forged" certificate which allows the client's browser to falsely verify a server's identity.

Due to the weaknesses of SHA-1 caused by its short hash length (160-bit), the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) developed SHA-2 as its successor. SHA-2 has four variants: SHA-224, SHA-256, SHA-384, and SHA-512 (each named according to its number of output bits).

Some major developers, including Microsoft, have planned full SHA-2 implementation in 2017. Google, however, has taken steps to do this much sooner.

Branch points of SHA-1 sunsetting

On 26 September 2014

Sites with end-entity ("leaf") certificates that expire on or after 1/1/17 and which include a SHA-1-based signature as part of the certificate chain, will be treated as "secure, but with minor errors".

On 7 November 2014

Sites with end-entity certificates that expire between 6/1/16 and 12/31/16 (inclusive), and which include a SHA-1-based signature as part of the certificate chain, will be treated as "secure, but with minor errors".

Sites with end-entity certificates that expire on or after 1/1/17, and which include a SHA-1-based signature as part of the certificate chain, will be treated as "neutral, lacking security".

In Q1 2015

Sites with certificates that expire between 1 January 2016 and 31 December 2016 (inclusive), and which include a SHA-1-based signature as part of the chain, will be treated as "secure, but with minor errors".

Sites with end-entity certificates that expire on or after 1/1/17, and which include a SHA-1-based signature as part of the certificate chain, will be treated as "affirmatively insecure". Sub-resources from such a domain will be treated as "active mixed content".

Note:

SHA-1-based signatures for trusted root certificates are not a problem because TLS clients trust them by their identity, rather than by the signature of their hash.
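
The rollout steps and the root-certificate note above, written out as a check. This is an added example, not code from Google or from this site; the Cert record, the function names and the sample chains are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

MINOR = "secure, but with minor errors"
NEUTRAL = "neutral, lacking security"
INSECURE = "affirmatively insecure"

# Rollout step -> (earliest leaf expiry, treatment), latest expiry band first.
PHASES = {
    "26 September 2014": [(date(2017, 1, 1), MINOR)],
    "7 November 2014": [(date(2017, 1, 1), NEUTRAL), (date(2016, 6, 1), MINOR)],
    "Q1 2015": [(date(2017, 1, 1), INSECURE), (date(2016, 1, 1), MINOR)],
}

@dataclass
class Cert:  # hypothetical record, not a real library type
    role: str        # "leaf", "intermediate" or "root"
    sig_alg: str     # signature algorithm name as OpenSSL prints it
    not_after: date  # expiry date

def uses_sha1(cert):
    return "sha1" in cert.sig_alg.lower().replace("-", "")  # also ecdsa-with-SHA1

def chrome_treatment(chain, phase):
    """Return the treatment label for a chain at a rollout step, or None."""
    leaf = next(c for c in chain if c.role == "leaf")
    # Roots are trusted by identity, so their own signature hash is ignored.
    if not any(uses_sha1(c) for c in chain if c.role != "root"):
        return None
    for earliest, treatment in PHASES[phase]:
        if leaf.not_after >= earliest:
            return treatment
    return None  # leaf expires before the earliest affected date

# Constructed sample chains (not real certificates).
REISSUED_LEAF_OLD_INTERMEDIATE = [
    Cert("leaf", "sha256WithRSAEncryption", date(2017, 3, 1)),
    Cert("intermediate", "sha1WithRSAEncryption", date(2022, 5, 20)),
    Cert("root", "sha1WithRSAEncryption", date(2030, 1, 1)),
]
SHA2_CHAIN_SHA1_ROOT = [
    Cert("leaf", "sha256WithRSAEncryption", date(2017, 3, 1)),
    Cert("intermediate", "sha256WithRSAEncryption", date(2024, 5, 20)),
    Cert("root", "sha1WithRSAEncryption", date(2030, 1, 1)),
]

if __name__ == "__main__":
    for phase in PHASES:
        print(phase, "->", chrome_treatment(REISSUED_LEAF_OLD_INTERMEDIATE, phase))
```

The first sample chain shows why a reissued SHA-2 leaf is still flagged while a SHA-1 intermediate remains in the chain.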

Which certificates are affected?

Your SSL certificate is affected if it meets one of these points:

  • it is signed with SHA-1 and expires after January 1st, 2016
  • it has an Intermediate Certificate Chain that contains SHA-1 signed certificates
  • it was issued by RapidSSL before September 15th, 2014 and expires after January 31st, 2016 (SHA-1 Intermediate)

What should you do if you have an SSL certificate with SHA-1?

To prevent future inconveniences, users whose SSL certificates are using SHA-1 should contact SSLGURU for more information and guidance through the reissuance process. Certificate reissuance is a simple and effective way to fix the affected SSL certificate(s). Remember that when you reissue your certificate, you should also update the intermediate certificates to the new SHA-2 versions.

SSLGURU will be taking all necessary steps to identify the SSL certificates that are using SHA-1 and inform their users on how to avoid the consequences of SHA-1 sunsetting.

What is SHA-1 sunsetting?

On the official Chrome project blog, Google announced it will start the process of sunsetting SHA-1 in November 2014. After this point, HTTPS sites whose certificate chains use SHA-1 and are valid past 1 January 2017 will no longer appear to be fully trustworthy in Chrome's user interface.
