Microsoft and Google announced SHA-1 deprecation plans within their browsers that may affect websites with SHA-1 certificates expiring as early as after December 31, 2015. In order to prevent online users from experiencing issues with secure websites, any SHA-1 SSL certificates expiring after December 31, 2015 should be replaced with SHA-256 (SHA-2) certificates. As technology evolves, it is critical to stay ahead of those who wish to defeat cryptographic technologies for their malicious benefit. The initiative to migrate from SHA-1 to SHA-256 (SHA-2) is the next proactive phase to better secure websites, intranet communications, and applications. At this time we strongly recommend our partners develop a migration plan for any SHA-1 SSL and code signing certificates that expire after December 31, 2015.
If you host a secure web based application we suggest you:
- Inventory your existing SHA-1 certificates
- Replace any SHA-1 certificates that expire after 12/31/2015 – ensure any new certificates and their chains use SHA-256
Failure to upgrade SHA-1 certificates expiring after 12/31/2015 could result in users seeing certificate error messages, content not displaying and/or failed connections to your secure website.
In a continuous effort to ensure the highest level of security to our partners and customers, BillingTree developed solutions have all been running the new SHA-2 certificates since January 2015.