FavoriteLoadingAdd to favorites

On October 8, 2015, a team of international cryptography researchers warned of a significantly increased risk in using SHA-1 certificates, and recommended that administrators accelerate their migration to SHA-2 certificates.

The risk is that, with enough computing power, an attacker can craft a fake certificate that in all key respects appears to be signed by a public Certification Authority (it cryptographically chains up to a Certification Authority’s root certificate). This doesn’t mean that websites is suddenly insecure, but it certainly is a wake-up call.

The current policy of most browsers stipulates that they will completely reject SHA-1 TLS certificates on January 1, 2017. However, in light of these new findings, it’s highly possible the deadline will be accelerated. If your customers are still using SHA-1 certificates, you should accelerate their plans to replace them with SHA-2 certificates to avoid security warnings and to ensure visitors to their site are not blocked.

Action Required: We urge you to revoke and replace SHA-1 certificates on behalf of your customers with SHA-2 certificates as soon as possible based on news from recent research. Partners with impacted certificates were provided details in a previous communication.

Here are the resources to help you understand the issue and to reissue their certificate, quickly and easily:

CA/Browser Forum notice about SHA-1

For Symantec certificates click on this link – INFO2848

For GeoTrust certificates click on this link –INFO2851

For Thawte certificates click on this link –INFO2849

If you have any questions or need assistance, please contact us or learn more on our support page or blog.

Thank you,
Symantec Website Security Solutions

FavoriteLoadingAdd to favorites

About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.