Authorities have confirmed that the risk in the SHA1 hash algorithm keeps rising while the cost of forging a SHA1 fingerprint keeps falling. Microsoft, Google and other IT giants have since published statements on SHA1, and from January 1, 2016 onwards third-party certification bodies will completely stop issuing digital certificates that use the SHA1 algorithm. All this suggests that SHA1, which has been around since 1995, will be replaced by SHA-256.
For users of SSL certificates and code signing certificates, the issue date is a rough guide: a certificate issued before December 2014 is likely to have a signature fingerprint that uses SHA1, while certificates issued from January 2015 generally use SHA256. You can check this by looking at the details of the certificate your company uses. For an SSL certificate, for example, click the security lock in the browser, view the certificate, and look for the signature algorithm field, which will show a value such as SHA1.
What strategy should digital certificate users adopt for the upgrade from SHA-1 to SHA-256? For SSL certificate users, server operations staff should immediately discard the old SHA-1 certificates. Windows XP and IE 6 still have a small number of users, but they are a very small share. As the old saying goes, "of two evils, choose the lesser": we cannot let these very few users affect the experience of the majority. When you open an HTTPS page that uses a SHA1 certificate in Google Chrome, the normal security lock icon changes to a blank-page icon and the browser prompts "This site uses a security system with a lower security configuration (SHA-1 signature), so your connection may not be private".
How to deal with SHA-1 encryption algorithm upgrade to SHA-256