SHA stands for Signature Hashing Algorithm;  It's a mathematical hash that proves the authenticity of the certificate.

SHA-1 is an older version of the algorithm which is no longer in use: seen as unsecure by industry experts and major browsers, it is not possible to use it during the generation process for new certificates or the reissue of old certificates.
SHA-2 is the latest version that is widely accepted and viewed as secure by all major browsers and industry experts.
The hashing algorithm of your CSR has no relevance to what hashing algorithm is used on the certificate.

If you have an old SSL certificate based on SHA-1, it's recommended to reissue it using SHA-2.

Depending on expiring date of your existing certificate, there's a precise timetable of what will happen:

On September 26th, 2014: SHA-1 signed certificates expiring on or after January 1st, 2017 will be treated as "secure, but with minor errors" and will receive the yellow triangle padlock.

On November 7th, 2014: SHA-1 signed certificates expiring on or after June 1st, 2016 to December 31st, 2016 are treated as above. Certificates expiring after January 1st, 2017 are treated as "neutral, lacking security." These certificates will receive a blank page icon, as seen with HTTP sessions.

On January 1th, 2015: SHA-1 signed certificates expiring on or after January 1st, 2016 to December 31st, 2016 will continue to be treated as "secure, but with minor errors."
SHA-1 signed certificates that expire on or after January 1st, 2017 are treated as "affirmatively insecure." This will be identified by the red "X".






Reference:

Gradually sunsetting SHA-1: https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html

Found this article interesting?
Subscribe to DomainRegister´s newsletter!

You can unsubscribe at any time by simply clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp s privacy practices here.

  • SSL, SHA-1
  • 0 uporabniku/om je bi članek v pomoč
Vam je bil odgovor v pomoč?

Povezani članki

 What is an intermediate certificate and how to get it?

An intermediate certificate is a file needed by the web browser to identify the C.A. who issued...

 How can I install my SSL certificate on more than one server?

Many SSL certificate licences allow to install the same certificate on an unlimited number of...

 How To Fix The Warning : "Site Contains Secure & Non-Secure Items"

A SSL certificate provides cover for all your website files and folders, which are included in...

 I have accidentally deleted my "private key": what can I do now?

First check your backups and see if you can re-install the "private key". If you don't know how...

 If I buy an Organization Validated (OV) SSL Certificate, which document(s) do I need to provide?

Organization Validated (OV) verification requires checking your business registration. If the...