Re: Deprecation of SSL Certificates Using SHA-1

[Roger A Safian <r-safian () NORTHWESTERN EDU>]

Just wanted to take a moment to thank everyone for replying.

FWIW, were discussing our options here now.  Personally I'd like to see all SHA-1 certificates that are expiring on or 
after Jan 1st 2016 replaced with New SHA-2 certificates.   This should keep the certificates from having any of the 
alerts Chrome intends to put up.  (BTW, I already see these on some certificates, it's not a problem yet.  I just fear 
that we need to be in front of this before it becomes one.)

That's a lot of work, so it's nice to know what others are doing in this regard.

Thanks again.

> -----Original Message-----
> From: Roger A Safian
> Sent: Friday, October 10, 2014 10:11 AM
> To: 'The EDUCAUSE Security Constituent Group Listserv
> (SECURITY () LISTSERV EDUCAUSE EDU)'
> Subject: Deprecation of SSL Certificates Using SHA-1
>
>
> Hello everyone.  I don't know if you have been following the news about the
> plans browser providers have for deprecating SSL certificates that use the
> SHA-1 cryptographic hash, but I would be interested to hear what you all are
> doing with respect to replacing your SHA-1 certificates with SHA-2
> certificates.  Google (Chrome) has an ambitious plan already underway to
> progressively display more and more dire warning signs in their address bar.
> Their plan started to unfold in September and will culminate in January with
> release 41.  Internet Explorer and Firefox are taking a slower approach
> starting in January 2016 and Safari is still trying to decide what to do.
>
> Google's statement is at:
> http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-
> sha-1.html
>
> Any feedback on what your institutions are doing would be appreciated.

<<attachment: winmail.dat>>