A team of international cryptography researchers announced a significant improvement in practical attacks against the SHA-1 hash function, which raises the risk to SHA-1 certificates considerably above what was previously communicated. More details on the research can be found here.
There is no immediate security concern as no breaches with certificates using SHA-1 have been reported. SHA-256 is, however, the current recommended hashing algorithm for SSL and customers should move to SHA-256 as soon as possible.
What is SHA-1 deprecation?
After January 1, 2016, most current browsers will display security warnings or block sites that use SHA-1 certificates. To maintain the highest level of security and privacy for your visitors, replace SHA-1 certificates with SHA-256 before 2016. This does not apply to SHA-1 root certificates.
Thawte is phasing out SHA-1 certificates to ensure our customers are using the strongest and most compatible web security solutions. No immediate security concern exists with certificates using SHA-1.
How can I see if I’m using SHA-1 certificates?
Check the certificates for your domain in the Thawte SSL Toolbox.
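For a local check alongside the toolbox, the Python below (an added example, not Thawte code) reads the signature algorithm of each certificate in a chain and reports the ones signed with SHA-1, intermediates included. It assumes DER-encoded input and treats a certificate whose issuer equals its subject as a root, which the deprecation does not cover; all function names are illustrative.

```python
SHA1_SIG_OIDS = {  # DER-encoded OID contents of signature algorithms that use SHA-1
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a8648ce3d0401"): "ecdsa-with-SHA1",
    bytes.fromhex("2a8648ce380403"): "dsa-with-SHA1",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def children(buf):
    """Yield (tag, value_bytes) for each DER element laid end to end in buf."""
    pos = 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        yield tag, buf[start:end]
        pos = end

def inspect_cert(der):
    """Return (signature_oid_bytes, issuer_equals_subject) for one X.509 certificate."""
    tag, start, end = read_tlv(der, 0)
    parts = list(children(der[start:end]))  # tbsCertificate, signatureAlgorithm, signature
    if tag != 0x30 or len(parts) != 3 or parts[1][0] != 0x30:
        raise ValueError("not an X.509 certificate")
    tbs = list(children(parts[0][1]))
    if tbs and tbs[0][0] == 0xA0:  # drop the optional [0] version field
        tbs = tbs[1:]              # now: serial, signature, issuer, validity, subject, ...
    alg = list(children(parts[1][1]))
    if len(tbs) < 5 or not alg or alg[0][0] != 0x06:
        raise ValueError("unexpected certificate layout")
    return alg[0][1], tbs[2][1] == tbs[4][1]

def sha1_findings(chain):
    """Return (index, algorithm) for each SHA-1-signed cert; assumed roots are skipped."""
    results = [(i, *inspect_cert(der)) for i, der in enumerate(chain)]
    return [(i, SHA1_SIG_OIDS[oid]) for i, oid, is_root in results
            if oid in SHA1_SIG_OIDS and not is_root]
```

PEM certificates can be converted first with `ssl.PEM_cert_to_DER_cert` from the standard library. A result such as `[(0, 'sha1WithRSAEncryption')]` means the first certificate in the list needs replacing.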
How do I replace my SHA-1 SSL certificates?
Thawte offers its customers free SHA-256 replacements for all SHA-1 certificates. Refer to this link for details: Replace an SSL certificate from Thawte Partner account.
How do I replace my SHA-1 intermediate certificates?
Download and install new intermediate CA certificates to replace your SHA-1 intermediate CA certificates. Refer to this link for details: Download Thawte Intermediate CA Certificates.
- Generate a Certificate Signing Request (CSR)
- Installation Instructions for SSL Certificates
- How to Manage the SHA-1 Deprecation in SSL Encryption
If you need any help from our support team, please contact us at any time.