/plushcap/analysis/cloudflare/cloudflare-and-sha-1-certificates

CloudFlare and SHA-1 Certificates

What's this blog post about?

Google's Chrome and Mozilla's Firefox browsers will be changing their policies regarding certain web site certificates in upcoming versions. Starting with Chrome 39, certificates signed with a SHA-1 signature algorithm will be considered less trusted than those signed with a more modern SHA-2 algorithm. By Chrome 41, any website with a certificate that expires in 2016 or later will be shown as untrusted if either the certificate is signed with a SHA-1 algorithm or one of the certificates in its trust chain is signed with a SHA-1 algorithm (roots are exceptions). This change may affect many website owners, who need to re-issue their SHA-1 certificates with a shorter expiration period or upgrade to SHA-2. However, not all web browsers support SHA-2 certificates, such as Windows XP SP2. CloudFlare has reissued all certificates for paid customers, ensuring that their sites will be viewable by visitors on Windows XP SP2 and Chrome.

Company
Cloudflare

Date published
Nov. 10, 2014

Author(s)
Nick Sullivan

Word count
749

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.