From August 19th 2020, SECTIGO issues SSL certificates with a maximum lifetime of 398 days (13 months) as specified by CA/Browser consortium. SSL certificates with a longer lifetime must be re-issued annually (free of charge). You'll receive reminders via e-mail. SSL certificates issued before August 19th 2020 remain valid until their planned expiry date. Code Signing & S/MIME certificates are not affected and remain valid until their planned expiry date.

Why SHA-1 based SSL certificates should NOT be used anymore. Revoke old SHA-1 based certificates and get free SHA-2 ones! Here is why ...

All SSL certificates delivered by us are SHA-2 based by default since November 2014. Multiple browser vendors have alredy been showing warnings for websites that were still using old SHA-1 based certificates, after SHA-1 had been replaced.

Today, 10 years after of SHA-1 was first introduced, Google is announcing the first practical technique for generating a collision. The required computation power still is incredibly high, nevertheless it is another proof that replacing SHA-1 with SHA-2 signature algorithm for SSL certificates was about time.


  • Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total
  • 6,500 years of CPU computation to complete the attack first phase
  • 110 years of GPU computation to complete the second phase

 

Starting from version 56, released in January 2017, Chrome will consider any website protected with a SHA-1 certificate as insecure. Firefox has deprecated SHA-1 as of February 24th, 2017.

If you are still using old SHA-1 certificates, please re-issue your certificate for free in order to get a new SHA-2 based one. - If you have got any questions, please don't hesitate to contact us!

Full Google article: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html




Was this answer helpful?

 Print this Article

Also Read

IIS 7 7.5 8 Hardening SSL TLS - Windows Server 2008 R2 2012 R2 DISABLE SSL V2/3 POODLE BEAST - NARTAC IIS Crypto

(Free) IIS Crypto Tool for fast SSL cipher configuration under...

Does InterSSL deliver SSL certificates for ECC (Elliptic Curve Cryptography) and ECDSA ?

Yes, all SSL certificates from COMODO also support ECC (Elliptic Curve Cryptography), to be more...

What is PRE-SIGN FAILED? What is a CAA record? - DNS Certification Authority Authorization (CAA) Resource Record

The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name...

How can i verify my SSL certification?

Please use the tools from our SSL Tools site which offer you all kinds of SSL checker tools for...

Decrypting SSL traffic with tshark (private key required)

Sample: #!/bin/bash tshark -f "tcp port 80" -Y 'http.request || http.response' #OR (for...