Educause Security Discussion mailing list archives

Re: Deprecation of SSL Certificates Using SHA-1


From: Tim Faircloth <Tim.Faircloth () GSW EDU>
Date: Fri, 10 Oct 2014 15:14:58 +0000

This is compounded by the fact that GeoTrust certs issued through USG 
(http://www.usg.edu/peachnet/other_services/ssl_certificates_services) use SHA-1.

/tim
-- 
Tim Faircloth
System Administrator, GSW IIT
229-931-5076


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roger A Safian
Sent: Friday, October 10, 2014 11:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Deprecation of SSL Certificates Using SHA-1


Hello everyone.  I don't know if you have been following the news about the plans browser providers have for 
deprecating SSL certificates that use the SHA-1 cryptographic hash, but I would be interested to hear what you all are 
doing with respect to replacing your SHA-1 certificates with SHA-2 certificates.  Google (Chrome) has an ambitious plan 
already underway to progressively display more and more dire warning signs in their address bar.  Their plan started to 
unfold in September and will culminate in January with release 41.  Internet Explorer and Firefox are taking a slower 
approach starting in January 2016 and Safari is still trying to decide what to do. 

Google's statement is at:
http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html

Any feedback on what your institutions are doing would be appreciated.

