Google Chrome to block SHA-1 certificates in 2016

SHA-1 SSL Certificates are known as less security now and there are SHA-1 collision attacks. That’s why Google Chrome no longer treats SHA-1 SSL Certificates as secure, and will not support them in 2 steps.

 

 

Step 1: Blocking new SHA-1 SSL Certificates

 

Starting from 2016 (Chrome version 48), Chrome will display an error if the website is using an SSL certificate that:

 

  1. is signed with a SHA-1-based signature
  2. is issued on or after January 1, 2016
  3. chains to a public CA

 

 

Step 2: Blocking all SHA-1 SSL Certificates

 

Starting from January, 2017, Chrome will completely not support SHA-1 SSL Certificates. The websites which have a SHA-1-based signature as part of the certificate chain (not including the self-signature on the root certificate) will trigger a fatal network error.

 

Moreover, the other browsers such as Edge & Firefox will also block all SHA-1 SSL Certificates on 1st January, 2017.

 

 

Therefore, if your websites are using SHA-1 SSL Certificates, you are encouraged to replace it as soon as possible.