Starting this Wednesday, October 22[1], Gandi will begin issuing SHA-2 Standard, Pro and Business SSL certificates.
As you may have heard, the SHA-1 signature algorithm is being gradually deprecated in favor of SHA-2 (including SHA-256, SHA-512, and so on).
Don't panic, though. At present, it's still really hard to break a SHA-1 hash. But collision attacks against SHA-1 will only become easier, so the sooner everyone migrates, the better.
Note that if you are currently using a SHA-1 certificate or want to buy one, you will still be able to do so. We are now entering a transition period where both algorithms are supported. SHA-1 will be supported until 1 January 2017.
The majority of certification authorities, browsers, and operating systems already support SHA-2. You may encounter compatibility problems in some cases, for example with Mozilla Firefox[2], as not all root certificates supporting SHA-2 have been added. This process is now underway for various browsers.
If you're ready to migrate to SHA-2, you have two options to choose from:
- If you want to secure your website or application with SHA-2 only, and the issue of compatibility is not a concern, install your SHA-2-signed certificate along with the SHA-2 intermediate certificate only. This solution is the most secure, since the entire certificate chain will be SHA-2. It is a good option if you want to emphasize security over compatibility, or if you are certain that your visitors have SHA-2 enabled browsers (for example, all the employees of a company are using modern browsers to access a secure site).
- If you want to provide SHA-2 while avoiding compatibility issues with certain browsers that have not yet updated the root certificates, you can use the intermediate certificate with SHA-2 enabled and add the cross-signed SHA-1 intermediate certificate as well. If so, the last element of the chain of trust will be SHA-1, which is not optimally secure. This option is useful during the transition period: once all relevant browsers have performed the update, you can then remove the cross-signed intermediate certificate. This option is good if you want to switch to SHA-2 without disturbing visitors whose browsers do not have updated root certificates.
Attention! New intermediate certificates, which differ from those used with plain old SHA-1, will be issued with certificates signed with SHA-2. Be sure to use the correct intermediate certificate to match the hashing algorithm used in your main certificate. You can verify the signature of the certificate with the following command:
$ openssl x509 -in example.crt -text -noout
The output will contain lines like the following, indicating the certificate is signed with SHA-1 or SHA-2, respectively.
For certificates issued with SHA-1:
Issuer: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA
and:
Signature Algorithm: sha1WithRSAEncryption
For certificates issued with SHA-2:
Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
and:
Signature Algorithm: sha256WithRSAEncryption
Here's an example of a valid trust chain for a SHA-2 certificate:
Certificate chain
0 s:/OU=Domain Control Validated/OU=Gandi Standard SSL/CN=example.com
i:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
1 s:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
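One way to run the check above over a whole chain file: the script below is an added example, not Gandi's tooling. It reports each certificate's hash family and fails when a certificate's issuer is not the subject of the next certificate, which is what happens when a SHA-2 certificate is installed with the older intermediate. The function names and the trimmed sample text, including its placeholder root issuer, are constructed for illustration.

```sh
# stdin: `openssl ... -text -noout` output for one or more certificates.
# stdout: one line per certificate: index|family|algorithm|subject|issuer
summarize_certs() {
    awk '
        function emit() { if (n >= 0) printf "%d|%s|%s|%s|%s\n", n, fam, alg, subj, iss }
        BEGIN { n = -1 }
        /^Certificate:/ { emit(); n++; alg = subj = iss = fam = "" }
        /Signature Algorithm:/ && n >= 0 && alg == "" {
            sub(/^.*Signature Algorithm:[ \t]*/, ""); alg = $0; a = tolower(alg)
            if (a ~ /sha1/) fam = "SHA-1"
            else if (a ~ /sha(224|256|384|512)/) fam = "SHA-2"
            else fam = "other"
        }
        /^[ \t]*Issuer:/  { sub(/^[ \t]*Issuer:[ \t]*/, "");  iss = $0 }
        /^[ \t]*Subject:/ { sub(/^[ \t]*Subject:[ \t]*/, ""); subj = $0 }
        END { emit() }
    '
}
# stdin: summarize_certs lines, leaf first. Exit status 1 when a certificate's
# issuer is not the subject of the certificate that follows it in the file.
audit_chain() {
    awk -F'|' '
        NR > 1 && $4 != want {
            printf "MISMATCH: cert %d expects issuer [%s], next is [%s]\n", $1 - 1, want, $4
            bad = 1
        }
        $2 != "SHA-2" { printf "NOTE: cert %d [%s] is signed with %s\n", $1, $4, $3 }
        { want = $5 }
        END { exit bad + 0 }
    '
}
# Constructed sample: SHA-2 leaf installed beside the older SHA-1 intermediate.
sample_wrong_intermediate() {
    cat <<'EOF'
Certificate:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=example.com
Certificate:
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=Placeholder Root (constructed)
        Subject: C=FR, O=GANDI SAS, CN=Gandi Standard SSL CA
EOF
}
# Usage: sh check_chain.sh fullchain.pem   (leaf first, then intermediates)
if [ "$#" -eq 1 ]; then
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -text -noout | summarize_certs | audit_chain
fi
```

A SHA-1 certificate in the file is reported as a NOTE rather than a failure, because the transition setup with the cross-signed intermediate is a supported configuration.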
We have put in place some rules to ensure we deliver the right certificates for SHA-1 and SHA-2. Please be sure you review these and get the right certificates for your site or application:
Until 1 January 2016:
- Certificates with an expiration date after 1 January 2017 will be issued as SHA-2 only, even if the CSR was generated with SHA-1.
- Certificates with earlier expiration dates will be issued as SHA-1 if the CSR was generated with SHA-1.
- Certificates with earlier expiration dates will be issued as SHA-2 if the CSR was generated with SHA-2.
After January 1, 2016:
- All certificates will be issued in SHA-2, regardless of the hash specified in the CSR.
Note that if you already have a certificate, you can regenerate it as SHA-2 by choosing the regenerate option and using a CSR signed with SHA-2. Remember to update the intermediate certificate on your server if you do this.
For more information, please visit our documentation:
[1] Several weeks ago, our SSL partner, Comodo, began issuing certificates in SHA-2 if the expiration date of the certificate was after January 1, 2017. This caused some confusion for customers whose issued certificates weren't signed with the signature algorithm they were expecting, and who therefore may have installed the wrong intermediate certificates. We weren't able to update our documentation to reflect this in a timely manner, and for this we sincerely apologize. You will now find all the information you need to set up your SHA-2 certificates at the links above.
[2] You can install the root certificate manually by navigating to this URL in Firefox:
http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt