Knowledge Base

Description

DigiCert stopped issuing SHA-1 code signing and SHA-1 EV code signing certificates on December 1, 2020.

Why did DigiCert make these changes?

The industry has moved away from SHA-1 code signing and SHA-1 EV code signing certificates and from SHA-1 code signing, EV code signing, and timestamping intermediate CA and root certificates.

To comply with the new industry standards, certificate authorities (CAs) were required to make these changes by January 1, 2021:

• Stop issuing SHA-1 code signing and SHA-1 EV code signing certificates
• Stop using SHA-1 intermediate CA certificates to issue SHA-256 algorithm code signing, EV code signing, and timestamping certificates

See Appendix A in the Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates.

How does this affect me?

As of December 1, 2020, you cannot:

• Order new SHA-1 code signing certificates
• Renew and get SHA-1 code signing certificates
• Reissue and get SHA-1 code signing certificates

What do I need to do?

If your signing tool or application relies on SHA-1 code signing certificates, please reach out to the signing tool vendor for possible updates to support SHA-256 code signing certificates.