GlobalSign Blog

04 Sep 2014

Google to display warnings on sites that use SHA-1 certificates

In a previous blog, we already highlighted the importance of selecting the most up-to-date hashing algorithms for your SSL Certificates as the industry transitions from SHA-1 to SHA-256.

As Google recently released a new policy to degrade websites that utilize a SHA-1 Certificate in its user interface, it has become all the more important to take prompt action. This is a positive step towards promoting higher levels of security, but what does it mean for you?

Chrome 39 to degrade SHA-1 certificates

SHA-1 is no longer considered to be sufficiently secure and will be phased out in the next couple of years. To encourage prompt adoption of modern algorithms, Google is already making changes to the user interface in Google Chrome 39 to advise visitors of the use of SHA-1 certificates.

The changes will happen in stages and start with Chrome 39, which is due to be available in November 2014. Initially, the warnings will be limited to a “Secure, but minor errors” icon, in the form of a lock with a yellow triangle, but in later versions will become a red crossed-out lock.

google yellow warning

Secure, but minor errors

red cross

Affirmatively insecure, major errors

It is essential for all SHA-1 Certificates that expire after 12/31/15 to be upgraded prior to November 2014 to prevent a downgraded user experience. Google has published the dates for the changes on its blog also stated they will continue to monitor user feedback from affected vendors, ISVs, and enterprises and site operators. If you wish to share feedback with Google, you can join the Google group.

Get your website ready!

You can check if your website is ready for the changes at https://sslcheck.globalsign.com/.

sha1

If your website currently uses a SHA-1 SSL Certificate that expires later than 12/31/2015 you need to take action to future-proof your SSL security:

  • Reissue your certificate to SHA-256. This will ensure your website is fully compliant when Google Chrome 39 comes out.  GlobalSign lets you upgrade your certificate to SHA256 at no extra cost.
  • If your applications do not support SHA-256, we strongly recommend you upgrade them as soon as possible. You can find more compatibility information here.

Take action today to prevent a degraded user experience in Google Chrome and maintain full customer trust in your site. If in doubt, get in touch with us for more advice!

Share this Post

Subscribe to our Blog