CloudFlare and SHA-1 Certificates
Google's Chrome and Mozilla's Firefox browsers will be changing their policies regarding certain website certificates in upcoming versions. Starting with Chrome 39, certificates signed with the SHA-1 signature algorithm will be considered less trusted than those signed with a more modern SHA-2 algorithm. By Chrome 41, any website whose certificate expires in 2016 or later will be shown as untrusted if either the certificate itself or any certificate in its trust chain is signed with SHA-1 (root certificates are exempt). This change may affect many website owners, who will need either to re-issue their SHA-1 certificates with a shorter expiration period or to upgrade to SHA-2. However, not all web browsers support SHA-2 certificates, for example those running on Windows XP SP2. CloudFlare has reissued all certificates for paid customers, ensuring that their sites will be viewable by visitors on Windows XP SP2 and Chrome.
Company: Cloudflare
Date published: Nov. 10, 2014
Author(s): Nick Sullivan
Word count: 749
Hacker News points: None found.
Language: English