Alert ID : INFO2851

Last Modified : 05/03/2018

GeoTrust Partner SHA-1 Certificates Deprecation


A team of international cryptography researchers announced a significant improvement in practical attacks against the SHA-1 hash function, making the risk to SHA-1 certificates considerably higher than previously communicated. More details on the research can be found here.

There is no immediate security concern as no breaches with certificates using SHA-1 have been reported. SHA-256 is, however, the current recommended hashing algorithm for SSL and customers should move to SHA-256 as soon as possible.

What is SHA-1 deprecation?
After January 1, 2016, most current browsers will display security warnings or block sites that use SHA-1 certificates. To maintain the highest level of security and privacy for your visitors, replace SHA-1 certificates with SHA-256 before 2016. This does not apply to SHA-1 root certificates.

GeoTrust is phasing out SHA-1 certificates to ensure our customers are using the strongest and most compatible web security solutions. No immediate security concern exists with certificates using SHA-1.

How can I see if I’m using SHA-1 certificates?
Check the certificates for your domain in the GeoTrust SSL Toolbox.
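For a local check of a PEM bundle you already hold, the following added example (not GeoTrust code and not part of the SSL Toolbox) reads each certificate's signature algorithm and flags SHA-1 leaf and intermediate certificates while treating self-issued SHA-1 roots as exempt, as stated above. The function names are hypothetical, and the sample chain is a constructed skeleton with a dummy signature rather than a real certificate.

```python
import base64, re, ssl

SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # sha1WithRSAEncryption
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # sha256WithRSAEncryption
# DER OID bytes of SHA-1 signature algorithms: RSA, ecdsa-with-SHA1, dsa-with-SHA1.
SHA1_SIG_OIDS = {SHA1_RSA, bytes.fromhex("2a8648ce3d0401"), bytes.fromhex("2a8648ce380403")}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def elements(buf):
    """Split DER content bytes into a list of (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the size of the length field
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def sha1_status(der):
    """'ok', 'replace' (SHA-1 leaf/intermediate) or 'sha1-root' (issuer == subject)."""
    tbs, sig_alg = elements(elements(der)[0][1])[:2]
    if elements(sig_alg[1])[0][1] not in SHA1_SIG_OIDS:
        return "ok"
    fields = elements(tbs[1])
    off = 1 if fields[0][0] == 0xA0 else 0  # optional [0] version field
    issuer, subject = fields[2 + off][1], fields[4 + off][1]
    return "sha1-root" if issuer == subject else "replace"  # self-issued heuristic

def check_chain(pem_text):
    """Classify every certificate in a PEM bundle, in file order."""
    return [sha1_status(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]

def _tlv(tag, body):  # sample builder only; every body here is under 128 bytes
    return bytes([tag, len(body)]) + body

def sample_pem(sig_oid, issuer, subject):
    """Constructed certificate skeleton with a dummy signature, not a real cert."""
    alg = _tlv(0x30, _tlv(0x06, sig_oid) + _tlv(0x05, b""))
    name = lambda cn: _tlv(0x30, _tlv(0x0C, cn))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + alg
               + name(issuer) + _tlv(0x30, b"") + name(subject))
    return ssl.DER_cert_to_PEM_cert(_tlv(0x30, tbs + alg + _tlv(0x03, b"\x00\x00")))

SAMPLE_CHAIN = (sample_pem(SHA256_RSA, b"Int CA", b"www.example.com")
                + sample_pem(SHA1_RSA, b"Root CA", b"Int CA")
                + sample_pem(SHA1_RSA, b"Root CA", b"Root CA"))
```

Calling `check_chain` on the text of a real PEM bundle returns one status per certificate; the issuer-equals-subject test identifies self-issued certificates by name only and does not verify any signature.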

How do I replace my SHA-1 SSL certificates?
GeoTrust offers its customers free SHA-256 replacements for all SHA-1 certificates. Refer to this link for details: Replace an SSL certificate from GeoTrust Partner account.

How do I replace my SHA-1 intermediate certificates?
Download and install new intermediate CA certificates to replace your SHA-1 intermediate CA certificates. Refer to this link for details: Download GeoTrust Intermediate CA Certificates.

Additional resources: