Microsoft will drop support for digital certificates based on SHA-1

    Microsoft will stop supporting digital certificates that use the SHA-1 hash algorithm in the middle of next year (June 2016). The support period for this hash algorithm was cut by six months; the original plan was to support it until 2017. The decision is tied to weaknesses in SHA-1 that allow collisions and make it possible to forge a digital signature. After this date, almost all digital certificates that use the SHA-1 hash cannot be validated on Windows and its components.



    The Mozilla Foundation recently announced a similar decision: the Mozilla Firefox web browser will no longer support SHA-1-based digital certificates from July 2016. The same goes for Google Chrome.

    After that date, the MS Edge and IE web browsers will no longer recognize websites signed with SHA-1 certificates as safe, and Windows will no longer trust digital file signatures for which SHA-1 certificates were used. This applies only to certificates that CAs have generated since January 1, 2016, because from that date CAs are not allowed to issue certificates with this hashing algorithm (CAs must move all new certs to SHA-2 after 1/1/2016). After January 1, 2017, Windows and its components will no longer recognize any SHA-1 certificates, regardless of their signature timestamp.

    The Mozilla Firefox web browser will behave the same way: from July 1, 2016, it will mark connections that use a SHA-1 certificate issued after January 1, 2016 as untrusted. After January 1, 2017, all HTTPS connections with SHA-1 will be marked as untrusted.

    The Google Chrome web browser will stop treating connections with SHA-1 certificates as trusted starting January 1, 2017.
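
The timeline above can be applied to a certificate inventory. This added example, which is not code from the article or from any browser vendor, parses the text dump printed by `openssl x509 -noout -text` and classifies a certificate for a given day using the Firefox dates quoted above. The sample dump, the function names, the inclusive date boundaries and the use of "Not Before" as the issuance date are assumptions.

```python
import re
from datetime import datetime

# Firefox dates as given in the article; treating each boundary as inclusive
# and "Not Before" as the issuance date are assumptions of this example.
ISSUED_CUTOFF = datetime(2016, 1, 1)  # CAs may not issue SHA-1 certs from here
PHASE1_START = datetime(2016, 7, 1)   # SHA-1 certs issued after the cutoff rejected
PHASE2_START = datetime(2017, 1, 1)   # every SHA-1 cert rejected

# Constructed sample in the layout of `openssl x509 -noout -text` (not a real cert).
SAMPLE = """Certificate:
    Data:
        Signature Algorithm: {alg}
        Validity
            Not Before: {not_before} GMT
            Not After : Feb  2 12:00:00 2018 GMT
"""

def parse_cert_text(text):
    """Return (signature_algorithm, not_before) from an openssl text dump."""
    alg = re.search(r"Signature Algorithm:\s*(\S+)", text)
    nb = re.search(r"Not Before\s*:\s*(.+?)\s+GMT", text)
    if not alg or not nb:
        raise ValueError("no signature algorithm / Not Before field found")
    # openssl pads single-digit days with a second space; collapse it first.
    stamp = " ".join(nb.group(1).split())
    return alg.group(1), datetime.strptime(stamp, "%b %d %H:%M:%S %Y")

def sha1_status(text, today):
    """Classify one certificate against the timeline on the given day."""
    alg, not_before = parse_cert_text(text)
    # Matches sha1WithRSAEncryption, ecdsa-with-SHA1, dsaWithSHA1.
    # RSASSA-PSS names its hash in separate parameters and is not handled here.
    if "sha1" not in alg.lower():
        return "ok"
    if today >= PHASE2_START:
        return "untrusted"
    if today >= PHASE1_START and not_before >= ISSUED_CUTOFF:
        return "untrusted"
    return "sha1-still-accepted"

if __name__ == "__main__":
    new = SAMPLE.format(alg="sha1WithRSAEncryption", not_before="Feb  3 12:00:00 2016")
    old = SAMPLE.format(alg="sha1WithRSAEncryption", not_before="Mar 10 09:30:00 2015")
    for day in (datetime(2016, 6, 30), datetime(2016, 7, 1), datetime(2017, 1, 1)):
        print(day.date(), sha1_status(new, day), sha1_status(old, day))
```

The Microsoft schedule differs only in its first date, which the article gives as June 2016 without a day; set `PHASE1_START` accordingly to model it.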
