SHA-1 Migration for SSL/TLS Certificates
SHA-256 is now the industry-standard signature hash algorithm for SSL certificates. SHA-256 provides stronger security and has replaced SHA-1 as the recommended algorithm. SHA-256 is supported by all current browsers.
You should plan to migrate your SSL certificates to SHA-256 as soon as possible. You can switch to SHA-256 when you renew your certificate, or you can replace your certificate at any time at no charge.
When you submit your CSR for a SSL certificate, use SHA-256 with the SHA-1 root CA. There is no additional cost for using SHA-256.
SHA-1 is being deprecated as part of the SHA-256 migration plan. We will continue to offer limited availability of SHA-1 through 2015 see below if you still need SHA-1. After December 31, 2015, we will stop issuing SHA-1 certificates entirely. After December 31, 2016, modern browsers will display security warnings when connecting to sites that use SHA-1.
SHA-1 and SHA-256 frequently asked questions
The digital security industry now recommends SHA-256 as the standard signature hash algorithm for SSL certificates. SHA-256 is a stronger signature hash algorithm. Additionally, the industry discovered weaknesses in SHA-1 that may become exploitable, although at this time no successful real-world attacks have been discovered.
The signature hash algorithm generates a digital fingerprint - also known as a "hash", "digest", or "checksum" - of information transferred during an SSL session. This fingerprint verifies that the information was not tampered with or corrupted between the server and client.
We recommend the default option, SHA-256 for the certificate and SHA-1 for the root CA, for most SSL certificate uses. Nearly all browsers and applications support the SHA-1 root CA, so most browsers and applications can connect to your site.
Note that using SHA-1 for the root CA is secure and compliant, because the root CA is verified by means other than the signature hash algorithm.
However, if your application or policy requires SSL certificates with the SHA-256 root CA, use the option that includes SHA-256 for the root CA.
Yes, there are new intermediate CA certificates for SHA-256 SSL certificates. When you download your certificate from your account console or by following the link in your “certificate approved” email, the download package includes the correct intermediate CAs.
What about SHA-1 certificates I have today?
You should replace any existing SHA-1 certificates with SHA-256, especially if a SHA-1 certificate expires after December 31, 2016. After this date, modern browsers will display security warnings when connecting to sites that use SHA-1.
There is no cost to replace a certificate before its renewal date.
You should migrate all of your SSL certificates to SHA-256, including certificates on test servers and internal sites. All sites and applications that use SSL benefit from the stronger SHA-256 signature hash algorithm.