
What do the SHA-1 SSL certificate changes mean for you?

By Will Stevens - October 14, 2014

There are big changes ahead for SSL certificates and anyone who uses one to secure their website needs to make sure they are aware of what’s going on.

What is happening?

Two major internet browsers, Chrome and Firefox, have announced plans to end support for SSL certificates that are signed using the SHA-1 hashing algorithm. Eventually, all sites using SHA-1 certificates will be considered insecure by these browsers. That means visitors will be unlikely to view affected sites as trustworthy.

Why is this happening?

SHA-1 is almost 20 years old and advances in technology mean it is no longer as secure as it once was. Don’t worry, this doesn’t mean your site is at risk of being hacked if your SSL certificate uses SHA-1. The problem is that it may soon be possible for hackers to create fake certificates and use them to launch websites that look legitimate but are fraudulent. Such sites could trick people into giving away personal details including credit card information. For this reason, SHA-1 is being phased out and replaced with more secure alternatives to help protect the web as a whole.

When will it happen?

Firefox: In future versions of the browser, people visiting a website with a SHA-1 certificate issued after January 1st 2016 will receive an “untrusted connection” error. After January 1st 2017, all sites using a SHA-1 certificate will trigger an “untrusted connection” message.

Chrome: When Chrome 39 is released in November 2014, any SHA-1 certificate that is valid after January 1st 2007 will no longer be considered fully trustworthy. To start with, users will see a symbol that indicates the site is secure but with minor errors. Eventually, future versions of Chrome will display these sites as being insecure.

What you need to do

First, determine whether you will be affected by the change. If you don’t already know whether your SSL certificate uses SHA-1, you can find out by using this tool on the GlobalSign site.

If your SSL certificate does use SHA-1, there’s no need to panic, but you will need to take action to make sure you are not affected by these changes. We recommend reissuing your SSL certificate with SHA-256 as soon as possible.
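For readers who prefer to check a certificate file locally, here is an added example (not part of the original post and not the GlobalSign tool) that reads the signature algorithm from a PEM or DER certificate and reports whether it is SHA-1. The function names, the short OID table and the two sample byte strings are assumptions made for this illustration; the samples are constructed skeletons, not real certificates.

```python
import base64
import re

# DER-encoded signatureAlgorithm OIDs -> hash the CA used to sign the certificate.
SIG_OIDS = {
    "2a864886f70d010105": "sha1",    # sha1WithRSAEncryption
    "2a864886f70d01010b": "sha256",  # sha256WithRSAEncryption
    "2a8648ce3d0401": "sha1",        # ecdsa-with-SHA1
    "2a8648ce3d040302": "sha256",    # ecdsa-with-SHA256
}
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed skeletons (empty tbsCertificate and signature), not real certificates.
SAMPLE_SHA1 = bytes.fromhex("30143000300d06092a864886f70d0101050500030100")
SAMPLE_SHA256 = bytes.fromhex("30143000300d06092a864886f70d01010b0500030100")

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def signature_hash(cert):
    """Return the hash named in the certificate's signatureAlgorithm (PEM or DER bytes)."""
    pem = PEM_RE.search(cert)
    if pem:  # use the first certificate in the file
        cert = base64.b64decode(pem.group(1))
    tag, body, _ = _tlv(cert, 0)        # Certificate ::= SEQUENCE {
    _, _, pos = _tlv(body, 0)           #   tbsCertificate (skipped)
    alg_tag, alg, _ = _tlv(body, pos)   #   signatureAlgorithm
    oid_tag, oid, _ = _tlv(alg, 0)      #     algorithm OID
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate")
    return SIG_OIDS.get(oid.hex(), "unknown:" + oid.hex())

def uses_sha1(cert):
    return signature_hash(cert) == "sha1"

if __name__ == "__main__":
    for name, der in (("SAMPLE_SHA1", SAMPLE_SHA1), ("SAMPLE_SHA256", SAMPLE_SHA256)):
        print(name, signature_hash(der), "reissue" if uses_sha1(der) else "ok")
```

To check a live site instead of a file, pass in the PEM text returned by Python's `ssl.get_server_certificate((host, 443))`, encoded to bytes.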