Q & A
What products have compatibility issues with this switch?
Symantec, GeoTrust, Thawte, and RapidSSL:
These CAs will make a SHA-2 Intermediate Certificates available for their products on September 15th. At this time, their full catalog will have fully compatible subscriber certificates and certificate chains. Customers using the old Intermediate certificates will need to reissue so their certificates can be signed by the new Intermediates.
These CAs will make a SHA-2 Intermediate Certificates available for their products on September 15th. At this time, their full catalog will have fully compatible subscriber certificates and certificate chains. Customers using the old Intermediate certificates will need to reissue so their certificates can be signed by the new Intermediates.3
What platforms have compatibility issues with this switch?
The biggest issue will be Windows XP and Windows Server 2003. As documented by RapidSSL4, if the user is running these platforms with the correct patches, they will have compatibility with SHA-2. For Windows XP they will need to install Service Pack 3 (this will solve most issues). For Windows Server 2003 and for edge cases in Windows XP please see RapidSSL's documentation.3
However the SHA-2 digital signature is purely for identity validation. So, this is only for establishing the "visual trust indicators". Note that even without properly patched Windows platforms, the HTTPS session can still be initiated so that user information is still protected.
There will also be issues with other specific hardware, such as enterprise or legacy servers/networking hardware, game consoles, older/niche mobile phones, etc.
The following matrix notes when major platforms began supporting SHA-25
Minimum OS Version
XP if patched with SP3 (see above)
2003 if patched (see above)
iOS and Android should be seen as a non-issue for SHA-2 compatibility. Less than 1% of Android devices are below version 2.36, and less than 0.5% of iOS devices are on version 3 or lower.7
What browsers have compatibility issues with this switch?
- Internet ExplorerWindows XPWindows VistaWindows 7
- Version 7, and higherVersion 7-8Versions 8-9Versions 8-11
- Version 6Only with SP3N/AN/A
3 The [Alexa Top 50] have some China websites that I am sure 100% is SHA1 since there are still 2.75M Windows XP with SP2 users and 400K Windows 2003 with SP2 users in China. I really don't know how to deal it, currently, we issue SHA1 certs only. The big market share in China is Symantec, I would like to hear the idea from Symantec about this. Richard from WoSign (Chinese CA), on 9/8/14.
What if I had a SHA-2 subscriber certificate issued before the SHA-2 roots were available (The certificate is signed with a SHA-1 Intermediate and has a "mixed-chain"?
You need to reissue your certificate and you need to update the intermediates to the new SHA-2 versions.
5 Specifically, the hash function SHA-256
What if the customer has a SHA-1 subscriber certificate?
They need to reissue their certificate and choose "SHA-2" or "SHA-256' during enrollment. They also need to make sure they download and install the new SHA-2 intermediates. Please note that the certificate's signing algorithm is determined solely during the generation process; it is not related to the CSR.
Does the customer need to generate a new "SHA-2" CSR?
No. The signing algorithm is decided solely by what is selected in the enrollment process. It is possible on certain platforms to create a CSR that requests a signing algorithm. However with our enrollment method this is entirely ignored. Only what the customer selects during enrollment is considered.
Obviously, if the customer does not have their old CSR, they will need to generate a new one, but they can use the same method they used previously with no need to specify anything with SHA-2
Should I use something more secure than SHA-2?
No. At this time, there is no evidence that SHA-2 faces the same issues as SHA-1. This does not mean it won't in the future. To think about this topic more broadly, all signing algorithms are mathematical functions. They have a specific purpose and theoretical capabilities. However, in reality, they may not always function as designed. In the case of SHA-1, it's been proven by many researchers to be flawed. SHA-2 has not yet shown the same flaws.
SHA-2 is also significantly more complex than SHA-1 so it is also much more secure from brute-force attacks. There is a SHA-3 algorithm however it is not finalized nor practical to use in a live environment.