csr

OpenSSL SHA256 Certificate Migration

Over the last week Google announced that they were going to stop supporting the SHA-1 algorithm for signing certificates.

Google’s SHA-1 deprecation announcement

Because of this I have created a couple of posts explaining how to migrate to SHA-256 based signatures.

Generate an OpenSSL Certificate Request with SHA-256 Signature

Change OpenSSL Default Signature algorithm

Since I wrote those pages other security companies have started to post their own migration strategies.

Qualys SHA1 Migration: What you need to know

In addition, all the major Certificate Authorities (CA) have started providing customers information specific to their services. So if you have certificates already, then contact your CA for further migration help.

Advertisements