SSL certificates and SHA algorithms

This post describes a significant change in the way Web browsers recognize certain kinds of SSL certificates. We’re making sure that all SSL certificates bought from us are compatible with this change, and most customers can ignore the rest of this post, which has technical details.

If your site uses an SSL certificate, it’s “signed by” a trusted company using a certain cryptographic “algorithm”. Over the years, companies have used different algorithms.

One of these algorithms, called SHA-1, was later found to be flawed. The flaw potentially allows a determined attacker to forge a certificate and impersonate another site. Ideally, everyone would have stopped using SHA-1 after this flaw was found and switched to a newer, more secure algorithm called SHA-2 (sometimes referred to as SHA-256) — but most people didn’t, primarily because of browser compatibility. There was a choice between making SSL sites work for visitors using very old versions of Windows XP that were never updated to XP Service Pack 3, or providing stronger security for visitors using more recent software. Most people chose weaker, but more compatible, security.

However, the recent outbreak of high-visibility security problems on the Internet has made many people reconsider this. In particular, browser manufacturers now want to force people to use the strongest security available.

Over the next few months, the Google Chrome browser will start showing a warning about some certificates that still use SHA-1. It will increase the warning severity and number of certificates affected until all SHA-1 certificates completely fail, with a prominent warning saying the site is insecure. Mozilla Firefox and Microsoft Internet Explorer are doing something similar.

Obviously, this changes the equation. If your site securely handles credit cards or passwords, it can’t keep using the weaker, older SHA-1 security. That would start failing for visitors using new browsers and operating systems.

Our company stopped selling the older SHA-1 certificates a few months ago, so new SSL customers don’t need to worry about this at all. But we’ve also analyzed all the SHA-1 certificates we’ve previously sold to customers, and we’re making sure that no sites will be marked insecure by these browser changes. If an SHA-1 certificate would have been a problem (specifically, if it expires after June 1, 2016), it will be replaced by a new “reissued” certificate with the same expiration date. You don’t need to do anything, it won’t cost you anything, and this process will be complete before any browser warnings start.

SHA-1 certificates that expire before June 1, 2016 do not need replacing immediately because they’ll be changed to SHA-2 when they’re renewed anyway, before Chrome marks them as insecure. However, you can contact us and request that such a certificate be manually replaced if you wish.

Most of our customers will notice no difference when their certificates are switched to SHA-2. The only potential problem is for visitors still using an old version of Windows XP who didn’t install the free Service Pack 3 security update in 2008. These visitors will see a security error when using some browsers — but they’ll soon start seeing errors on almost every SSL site they connect to (not just our customer sites). There aren’t many visitors like that, and they’re vastly outnumbered by the visitors who would see an error if we didn’t make this change.

Update October 14: This process is complete. All potentially affected certificates have been reissued as SHA-2 certificates and reinstalled. We’ve had no reports of any problems as a result.