SHA-1 SSL certificates compromised - upgrade to SHA-2 now!


EuroDNS recently launched SSL certificates, a hugely significant step in its mission to secure the Internet. If you want people to buy your products, you have to prove your website’s genuine, that it’s safe for them to enter payment details and make online purchases. If you're using SSL certificates already, you must ensure that they use the SHA-2 algorithm.

Are your SSL certificates strong enough?

SSL certificates have been around for a while so many of you will already be displaying them on your website. If that's the case - excellent, but you must check that they’re using the SHA-2 algorithm. The original SHA-1 algorithm has been in use since the late 90s and is showing dangerous weaknesses, meaning that SSL certificates with SHA-1 are vulnerable to hacking.

All EuroDNS SSL certificates use the SHA-2 algorithm, the strongest encryption available, so your websites are always protected. We’ve partnered with GlobalSign, a Certificate Authority (CA) with over 15 years’ experience, which also works with Microsoft, Mozilla, BlackBerry, and Java.

What’s SHA?

The outdated SHA-1 and the powerful new SHA-2 are algorithms that protect websites from being impersonated. Customers can easily be duped into thinking they’re on a genuine website, and unwittingly hand over personal information to a fraudster. SHA-2 is technically superior to SHA-1, bringing stronger security to online communication.

Bleeding bugs!

A year ago, everyone hit the panic button over the Heartbleed bug. It had been discovered in OpenSSL, a popular piece of open source encryption software, and had the potential to reveal private data and passwords.

It’s not advisable to use open source SSL certificates, or self-issued ones. Even before the Heartbleed bug hit the headlines, they were proven to have vulnerabilities, plus customers are distrustful of self-issued certificates.

Migration to SHA-2 SSL certificates has started

The migration to SHA-2 was inevitable and it’s a shift the big boys have already put in motion. Mozilla is planning to turn off support for SHA-1 certificates in 2017, whilst Microsoft published a SHA-1 deprecation policy back in 2013 stating that “CAs must stop issuing new SHA-1 SSL end-entity certificates by 1 January 2016.” Our Certificate Authority (CA), GlobalSign, supports the phasing out of SHA-1, and offers SHA-256 certificates, the most widely supported SHA-2 hashing algorithm.

Google Chrome sunsetting SHA-1

Google has gone one step further: following its announcement that it will stop supporting SHA-1 in Chrome, it has also started posting warnings on sites still displaying certificates with SHA-1. You may have seen the following, which indicate that a site is “secure, but with minor errors”, “neutral lacking security”, or “affirmatively insecure”.

If you’ve seen them, so have your customers!

[Image: progression of Chrome warnings]

Upgrade SHA-1 to SHA-2, or get hacked!

We offer four types of SSL certificate, from basic protection up to super protection, and all with the SHA-2 cryptographic hashing algorithm. Because we feel so strongly about Internet security, we're giving you a free Alpha SSL certificate with every domain name you register or transfer to our platform. If you'd like something stronger than the Alpha, you can always upgrade to Domain, Organisation, or Extended Validation.

If you find that your existing SSL certificate is using SHA-1, it’s a simple process to transfer to one of ours. Give us a call, we’re happy to help you with the transition to SHA-2 and deciding which certificate suits your business.

Industry jargon

SHA-2 cryptographic hashing algorithm – Every SSL certificate has a digital signature based on a one-way cryptographic hashing algorithm. In really simple terms, it's a secret code that works as a security mechanism to check the integrity of data. For a decade, SHA-1 was the algorithm of choice. But it hasn’t kept up with technology and is now vulnerable to attack. Those pesky hackers broke the code!

Certificate Authority (CA) – A Certificate Authority carries out several checks to confirm the identity of the applicant and prove ownership of the domain name, before issuing a certificate. The checks differ according to the security level of the certificate, so Extended Validation brings the most rigorous checks, repeated annually.
