SSL Visibility - Getting browser warning when resigning CA cert is signed with SHA-1 algorithm
Article ID: 168896
Updated On:
Products
SSL Visibility Appliance Software
Issue/Introduction
A certificate resigning policy is in place, but the browser shows a warning related to the SHA-1 hash algorithm and certificate expiration in 2017 or later. The following is an example:
Cause
The re-signing intermediate CA certificate uses the SHA-1 hash algorithm and expires after January 1, 2017.
Many major browsers are phasing out SHA-1 support and issue a warning:
Google chrome:
https://googleonlinesecurity.blogspot.cz/2014/09/gradually-sunsetting-sha-1.html
Mozilla:
https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/
Many major browsers are phasing out SHA-1 support and issue a warning:
Google chrome:
https://googleonlinesecurity.blogspot.cz/2014/09/gradually-sunsetting-sha-1.html
Mozilla:
https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/
Resolution
Create a new resigning CA certificate that is signed with SHA-256 or SHA-384 or SHA-512 algorithm.
Workaround
N/AAttachments
Feedback
Yes
No
Powered by
