Which Root CA still issues SHA-1 ssl certificates?
Asked Answered
B

1

0

Is there any CA that still issues SHA-1 certificates? I need it for TR management to manage devices with base firmware that does not support sha256.

Booklet answered 29/2, 2016 at 14:43 Comment(0)
M
2

imho, Public CA's will no longer issues SHA-1 certificates; they are bounded by the strict guidance of the Certificate Authority/Browser Forum to no longer issue new server certificates with SHA1 signature algorithm.

7.1.3. Algorithm Object Identifiers

Effective 1 January 2016, CAs MUST NOT issue any new Subscriber certificates or Subordinate CA certificates using the SHA‐1 hash algorithm. CAs MAY continue to sign certificates to verify OCSP responses using SHA1 until 1 January 2017. This Section 7.1.3 does not apply to Root CA or CA cross certificates. CAs MAY continue to use their existing SHA‐1 Root Certificates. SHA‐2 Subscriber certificates SHOULD NOT chain up to a SHA‐1 Subordinate CA Certificate.

https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.3.7.pdf

Mccann answered 25/8, 2016 at 21:56 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.