The end of SHA-1 SSL certificates is here – nearly two years ahead of schedule. But upgrading is complex. Plan a successful SHA-2 migration by avoiding extra costs, eliminating service disruptions and ensuring compliance.

It’s the only way to avoid customer disruption, ensure operational uptime and meet critical deadlines. Failure to upgrade in time will result in end-users receiving security warnings and browsers not displaying content properly.

Entrust will navigate you through the rapid sun-setting of SHA-1 certificates for a seamless, secure experience for your end users.

Get the Must-Have Migration Kit - Download Now

90 FREE DAYS OF DISCOVERY TODAY

SCAN YOUR SYSTEMS FOR OUTDATED SHA-1 CERTIFICATES

SHA-1 is out. SHA-2 is in. But how do you find and replace outdated SSL certificates that will cause critical failures in the future?

Automate your migration process now. For a limited time, sign up for Entrust Cloud SSL certificate management and get three complimentary months* of the cloud-based Entrust Discovery solution – the easy-to-use SSL scanning tool.

  • Find vulnerable SHA-1 certificates
  • Learn how to renew certificates with the SHA-2 hash
  • Comply with industry SSL standards before the deadline

AUTOMATICALLY
FIND VULNERABLE
SHA-1 CERTIFICATES

Sign Up Now for Automatic SSL Scan

TIME IS RUNNING OUT

NOVEMBER 2014
SHA-1 SSL certificates expiring any time in 2017 will show a warning (via a change in the domain name display) in Google Chrome.
Normal
DECEMBER 2014
SHA-1 SSL certificates expiring after June 1, 2016, will show a warning (via a change in the domain name display) in Google Chrome indicated by a yellow triangle.
Errors
JANUARY 2015
SHA-1 SSL certificates expiring any time in 2016 will show an obvious warning in Google Chrome.
Blank
JANUARY 1, 2016
CAs must stop issuing new SHA-1 SSL and code-signing certificates. Microsoft will stop trusting SHA-1 code-signing certificates without time stamps.
Errors
JANUARY 1, 2017
Microsoft will stop trusting SHA-1 SSL certificates.
Danger

THE FACTS ABOUT SHA-1 END-OF-LIFE

WHAT IS SHA-1?

SHA-1 cryptography – a key security component in the issuance and use of digital certificates – is being retired beginning Novermber 2014. You’re now required to migrate to more secure SHA-2 certificates.

SERVICE DISRUPTIONS POSSIBLE

Failure to upgrade to SHA-2 SSL certificates in a timely manner will result in end-users receiving security warnings and browsers not displaying content properly.

YOUR BOTTOM LINE IS AT RISK

SHA-1 security warnings will likely lead customers and users to leave websites, abandon transactions and raise concerns over online privacy, identity theft and your brand’s focus on security.

CHALLENGES OF MOVING TO SHA-2

Learn the key milestones for certificate vendors, browser manufacturers and certificate users, as well as the risks of continued use of SHA-1 and gain technical and operational considerations for transitioning to SHA-2 SSL certificates.

IS THIS GUIDE FOR YOU?

Yes. This guide is intended for IT and security experts, CISOs, developers and SMBs alike. See how your current environment will be affected and how to migrate SSL certificates — quickly and cost-effectively — without compromising your security posture, risking operational outages or disrupting the customer experience.

VIDEO: SWITCH TO SHA-2

MAPPING YOUR PATH TO SHA-2

Road2Sha2GraphicPLAN A SUCCESSFUL SHA-2 MIGRATION

Know the deadlines and understand how they affect your customers at a glance with our infographic on “The Road to SHA-2.”

ActionPointsGraphicLEARN QUICK FACTS

Quick information from “Who’s Affected” to “Action Points” will help you feel more informed about the switch to SHA-2.

GetInfoGraphicsButton

InfoGraphicImage

LatestFromEntrust

SHA12Circle

WHAT IS SHA-2? WHY SHOULD I CARE?
The Technical and Business Reasons You Need to Move To SHA-2

First, what is SHA? In basic terms, SHA is a component of an SSL certificate used to ensure that data has not been modified. SHA accomplishes this by computing acryptographic function and any change to a given piece of data will result in a different hash value.

As a result, differing hash values are key to determining if data has been altered. SHA-2 is the technical successor to SHA-1 and provides greater security than SHA-1. As computing power increases, SHA-1 will be able to be decrypted more easily and susceptible to exploitation by criminals and hackers.

Read More

3 CRITICAL MISTAKES TO AVOID WHEN MIGRATING TO SHA-2
As of June 2014, SHA-1 SSL certificates accounted for over 98 percent of certificates issued worldwide It’s also likely…
READ MORE >

KEY STEPS FOR MIGRATING FROM SHA-1 TO SHA-2 SSL CERTIFICATES
The migration of certificates is not trivial and has the potential to cause major problems…
READ MORE >

UNDERSTANDING SHA-1 VULNERABILITIES
Lately, SSL has come under fire and users may be under the impression that perhaps, there is a problem with…
READ MORE >

FREQUENTLY ASKED QUESTIONS

SHOULD I BE CONCERNED ABOUT THIS ISSUE?
Anyone who uses SSL certificates is likely affected. A June 2014 survey by Netcraft found that 98 percent of webservers were using SHA-1 SSL certificates.
WHAT WILL HAPPEN IF MY SITE HAS SHA-1 SSL CERTIFICATES?
Users of Google Chrome browsers will receive negative security warnings if SHA-1 certificates are valid beyond December 31, 2015. This could prompt concerns about privacy and identity theft, causing users to abandon your site or transactions.
IS THERE A COST TO REPLACE AN AFFECTED CERTIFICATE?
Most vendors will not charge for replacing affected certificates. However, you should check your affected browsers, applications, systems and operating systems for SHA-2 compatibility before replacing certificates.
IS SHA-1 STILL SAFE? WHY DO I NEED TO MIGRATE?
You are currently safe using SHA-1 certificates. The move to replace them is a proactive effort by the CA/Browser Forum and industry leaders to help customers secure their environments and infrastructure. To date, SHA-1 has been a widely accepted industry standard.

However, SHA-2 contains a number of improvements to strengthen security. In addition, the U.S. National Institute of Standards (NIST) and the Payment Card Industry Security Standards Council (PCI) require the use of SHA-2 cryptography.

WHAT DO I HAVE TO DO TO MIGRATE?
Ensure your server supports SHA-2. If supported, request a SHA-2 certificate reissuance from your CA. Replace your SHA-1 certificate. Please note that your SHA-2 certificate will also have a SHA-2 intermediate certificate. Make sure that you also install the new intermediate certificate.

View All FAQs

HEAR FROM OUR CUSTOMERS

THE BEST IN CERT ISSUING

The team at ENTRUST worked with us and got things done extremely quickly. [We] were able to get our new certs the same day.

GREAT CUSTOMER SERVICE!

Thanks to [Entrust], our projects are back on track. I very much recommend Entrust as a certificate vendor of choice!

Download the Migration Guide

logo-entrust logo-datacard logo-casecurity logo-webtrust