Migrate from SHA-1 to SHA-2

Browsers stop trusting SHA-1 signed certificates on January 1, 2017. Are you equipped to switch to SHA-2?

The Secure Sockets Layer (SSL) protocol, and its successor TLS, has become the de facto standard for transmitting sensitive information securely over the internet and for giving users confidence that their data is protected. The trust a browser places in a server's certificate, however, rests on the cryptographic hash function used in the certificate's signature. The majority of SSL certificates in use today were signed with SHA-1, a hash function that has been shown to be weak against collision attacks; an attacker who can produce two inputs with the same SHA-1 digest can have one of them legitimately signed and then pass the other off to browsers as a validly signed certificate.

The National Institute of Standards and Technology (NIST) has disallowed SHA-1 for generating new digital signatures, and the major browser vendors have announced that they will stop trusting SHA-1 certificates from January 1, 2017. Beyond that cut-off date, a website that still presents a SHA-1 certificate will trigger certificate errors or warning pages in the browser, which to the user looks like the site no longer working. Organizations should switch all their certificates from SHA-1 to SHA-2 immediately.

SHA-1 to SHA-2 Migration: The Challenge

Switching to the SHA-2 family of hash functions is easier said than done:

  • Organizations should first get the list of all SSL certificates in use, including those on load balancers, mail servers and internal services, not just the public websites
  • Then identify and isolate the certificates that have been signed with SHA-1; the signature algorithm is recorded in the certificate itself (for example sha1WithRSAEncryption), and the intermediate CA certificates in each chain need the same check, because a SHA-2 leaf certificate issued under a SHA-1 intermediate is still rejected
  • Get in touch with the certificate issuing authority, submit a fresh certificate signing request and get a new certificate signed with SHA-2 (SHA-256 is the usual choice); note that the hash algorithm of the issued certificate is chosen by the CA at signing time, so confirm that the CA issues SHA-2 certificates rather than relying on the CSR
  • Deploy the new certificate, together with its SHA-2 chain, to the respective sites, verify the served chain from outside with a client, and track the certificates for usage and expiry
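The first two steps, building the inventory and then picking out the SHA-1 certificates, are the part that scales badly by hand. What follows is an added example, not code from the original article: a pure-Python script (no third-party packages) that reads every certificate in a PEM bundle and reports which ones were signed with SHA-1. It walks only the DER fields needed to reach the signature algorithm and cross-checks the outer signatureAlgorithm against the one inside the TBSCertificate, as RFC 5280 requires. The certificates in SAMPLE_BUNDLE are constructed inside the script (valid structure, no real signature) purely as sample input, and all function names are this example's own.

```python
import base64
import re
# Signature-algorithm OIDs (RFC 3279 / RFC 4055 / RFC 5758) -> name
SIG_ALG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
}
# SHA-1 signatures, plus anything we do not recognise, go on the re-issue list.
WEAK_SIG_ALGS = {"sha1WithRSAEncryption", "ecdsa-with-SHA1", "unknown"}

def read_tlv(buf, pos):
    """Parse one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode OID content octets to dotted form, e.g. 1.2.840.113549.1.1.5."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)  # base-128; high bit set on all but the last octet
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def algorithm_oid(alg_id):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }."""
    return decode_oid(read_tlv(alg_id, 0)[1])

def signature_algorithm(der_cert):
    """Return (oid, name) of a DER certificate's signature algorithm. The outer
    signatureAlgorithm must equal TBSCertificate.signature (RFC 5280, 4.1.2.3)."""
    _, cert, _ = read_tlv(der_cert, 0)        # Certificate ::= SEQUENCE
    _, tbs, pos = read_tlv(cert, 0)           # tbsCertificate
    _, outer_alg, _ = read_tlv(cert, pos)     # signatureAlgorithm (signatureValue follows)
    tag, _, pos = read_tlv(tbs, 0)            # [0] EXPLICIT version is optional ...
    if tag == 0xA0:
        tag, _, pos = read_tlv(tbs, pos)      # ... so skip it to get past serialNumber
    _, inner_alg, _ = read_tlv(tbs, pos)      # TBSCertificate.signature
    oid = algorithm_oid(outer_alg)
    if oid != algorithm_oid(inner_alg):
        raise ValueError("signatureAlgorithm and TBSCertificate.signature differ")
    return oid, SIG_ALG_OIDS.get(oid, "unknown")

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
def audit_pem_bundle(text):
    """Return [(index, algorithm_name, needs_reissue)] for every certificate in the PEM text."""
    results = []
    for i, body in enumerate(PEM_CERT.findall(text)):
        _, name = signature_algorithm(base64.b64decode("".join(body.split())))
        results.append((i, name, name in WEAK_SIG_ALGS))
    return results

# --- constructed sample input: not real certificates, and they carry no valid signature ---
def der(tag, payload):  # minimal DER TLV encoder, used only to build the sample bundle
    n = len(payload)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + payload

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return der(0x06, bytes(out))

def fake_certificate(sig_oid):
    """Structurally valid Certificate containing only the fields the audit reads."""
    params = der(0x05, b"") if sig_oid.startswith("1.2.840.113549") else b""  # NULL for RSA only
    alg = der(0x30, encode_oid(sig_oid) + params)
    tbs = der(0x30, der(0x02, b"\x01") + alg)  # serialNumber = 1, then signature
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 33))  # + placeholder signatureValue

def to_pem(der_bytes):
    b64 = base64.b64encode(der_bytes).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body

SAMPLE_BUNDLE = "".join(to_pem(fake_certificate(oid)) for oid in (
    "1.2.840.113549.1.1.5",   # sha1WithRSAEncryption: must be re-issued
    "1.2.840.113549.1.1.11",  # sha256WithRSAEncryption: fine
    "1.2.840.10045.4.3.2",    # ecdsa-with-SHA256: fine
))

if __name__ == "__main__":
    for idx, name, weak in audit_pem_bundle(SAMPLE_BUNDLE):
        print("cert %d: %-24s %s" % (idx, name, "RE-ISSUE" if weak else "ok"))
```

Point audit_pem_bundle() at the concatenated PEM files exported from your web servers, load balancers and internal CA, and run it over the intermediate certificates in each chain as well, since a SHA-2 leaf under a SHA-1 intermediate still fails. For a quick one-off look at a single file, `openssl x509 -in cert.pem -noout -text | grep 'Signature Algorithm'` prints the same field.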

