From August 19th 2020, SECTIGO issues SSL certificates with a maximum lifetime of 398 days (13 months) as specified by CA/Browser consortium. SSL certificates with a longer lifetime must be re-issued annually (free of charge). You'll receive reminders via e-mail. SSL certificates issued before August 19th 2020 remain valid until their planned expiry date. Code Signing & S/MIME certificates are not affected and remain valid until their planned expiry date.

Why SHA-1 based SSL certificates should NOT be used anymore. Revoke old SHA-1 based certificates and get free SHA-2 ones! Here is why ...

All SSL certificates delivered by us are SHA-2 based by default since November 2014. Multiple browser vendors have alredy been showing warnings for websites that were still using old SHA-1 based certificates, after SHA-1 had been replaced.

Today, 10 years after of SHA-1 was first introduced, Google is announcing the first practical technique for generating a collision. The required computation power still is incredibly high, nevertheless it is another proof that replacing SHA-1 with SHA-2 signature algorithm for SSL certificates was about time.


  • Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total
  • 6,500 years of CPU computation to complete the attack first phase
  • 110 years of GPU computation to complete the second phase

 

Starting from version 56, released in January 2017, Chrome will consider any website protected with a SHA-1 certificate as insecure. Firefox has deprecated SHA-1 as of February 24th, 2017.

If you are still using old SHA-1 certificates, please re-issue your certificate for free in order to get a new SHA-2 based one. - If you have got any questions, please don't hesitate to contact us!

Full Google article: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html




Was this answer helpful?

 Print this Article

Also Read

PDF Dokumente mit Adobe Acrobat signieren (SMIME, S/MIME)

Um in Adobe Acrobat eine Signatur zu platzieren, klicken Sie auf Anzeige -> Werkzeuge ->...

Perfect Forward Secrecy - Apache SSL/TLS Strong Encryption How-To

TL;DR: edit /etc/apache2/mods-enabled/ssl.conf and specify ciphers like this: # enable only...

IIS 7 7.5 8 Hardening SSL TLS - Windows Server 2008 R2 2012 R2 DISABLE SSL V2/3 POODLE BEAST - NARTAC IIS Crypto

(Free) IIS Crypto Tool for fast SSL cipher configuration under...

Postfix TLS 1.3 and Perfect Forward Secrecy configuration

Settings for /etc/postfix/main.cf: # TLS parameters smtpd_tls_cert_file =...

Secure dovecot TLS and SSL configuration

Settings for /etc/dovecot/conf.d/10-ssl.conf:  ssl = required #the .pem file is .crt appended...