Instructions for use:
Authoritative organizations have confirmed that the SHA1 hash algorithm is becoming increasingly insecure and that the cost of forging SHA1 fingerprints keeps falling. IT giants such as Microsoft and Google have successively issued statements deprecating SHA1, and third-party certificate authorities will completely stop issuing digital certificates based on the SHA1 algorithm from January 2016 (starting from March 1st). All of this indicates that the SHA1 algorithm, in existence since 1995, will be replaced by SHA-256.
For users of SSL certificates and code signing certificates, the issuance date is a useful guide: digital certificates issued before December 2014 are very likely signed with the SHA1 algorithm, while those issued after January 2015 are generally signed with SHA-256. You can confirm this by checking the certificate information used by your company. For an SSL certificate, for example, you only need to click the security lock in the browser to view the certificate content. Find the certificate content as shown below, where the signature algorithm is SHA1:
How should digital certificate users respond to this upgrade from SHA-1 to SHA-256? For SSL certificate users, server operations and maintenance personnel should immediately abandon old SHA-1 certificates. Although a small number of users still run Windows XP and IE 6, they are a very small group. As the old saying goes, "of two evils, choose the lesser": we cannot degrade the experience of most users for the sake of this very small number. In fact, when Google Chrome opens an https page whose certificate uses SHA1, the normal security lock icon changes to the abnormal blank paper icon below, with the prompt "This website uses a lower security configuration of the security system (SHA-1 signature), your connection may not be private", as shown below:
Users who applied for SSL certificates at [EVTrust] have already been issued new SHA-256 certificates free of charge. Software developers with code signing certificates can ask the certificate authority to issue certificates with both the SHA1 and SHA-256 algorithms, and sign software versions for different platforms with the corresponding certificate: for example, versions for Windows XP, Windows 2000 or earlier systems use the digital signature certificate with the SHA1 algorithm, and versions for Windows 7 or above use the digital signature certificate with the SHA2 algorithm.