Google Chrome Sunsetting SHA-1 Certificates
To Our Clients:
In a collaborative effort to enhance cyber security, Microsoft and Google recently announced their intention to cease support for certain SSL certificates within their Internet Explorer and Chrome web browsers.
Starting as early as September 26, 2014, Google Chrome will place a visual alert icon alongside certain previously trusted web addresses. These visual icons will progress in phases over six months, as a means to alert visitors to potential security issues with a website. Websites affected will be those which use SSL Certificates containing SHA-1 algorithm valid past 01/01/2016. Microsoft will not be instituting any browser changes till later in 2016/2017.
To avoid the Google Chrome security icon from appearing our your site, Tier1Net will be re-issuing “Chrome Supported” SSL Certificates for all at-risk sites over the next few weeks.
Tier1Net will be contacting the owners of all at-risk sites to discuss the next steps for certificate re-issuance.
Please continue reading below for more information.
SSL certificate encryption, depicted by “https:” in a browser, is what authenticates a website as secure and inimitable. A theoretical breach in that encryption would allow another site to “copy” the https site, and potentially capture the secure traffic therein. Today, there is little-to-no risk of a breach occurring in SSL encryption. In future years however, technological advancements may increase the risk of SSL encryption breaches. For that reason, Google is motivating certificate owners to upgrade their SSL encryption to the more robust SHA-2 algorithm.
To motivate certificate owners, starting this month, Google Chrome web browsers will display a warning icon next to any sites using SHA-1 certificates. These warning icons will only appear on SHA-1 sites whose certificates are valid past 01/01/2016. These visual warnings will progress over the next few months from “secure, but with errors” to “neutral” to “not secure”:
To avoid these security warning icons from appearing on your site, Tier1Net will be re-issuing SSL Certificates for all at-risk sites. The re-issued SSL Certificates will have the latest SHA-2 algorithm and will be “Chrome Supported.”
Tier1Net will be contacting all owners of at-risk sites to discuss next steps.
Please visit Google’s announcement to learn more.