Learn about Centmin Mod LEMP Stack today
Become a Member

Featured Chrome browser 39+ sunsetting SHA-1 SSL signatures

Discussion in 'All Internet & Web Performance News' started by eva2000, Sep 7, 2014.

  1. eva2000

    eva2000 Administrator Staff Member

    53,818
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    4:00 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Chromium Blog post reports that Chrome 39+ browsers will be downgrading SHA-1 SSL signatures' reported trustworthiness via the security indicator over several Chrome browser versions including 39, 40 and 41.

    Chrome 39 (Branch point 26 September 2014)



    Sites with end-entity (“leaf”) certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”.

    The current visual display for “secure, but with minor errors” is a lock with a yellow triangle, and isused to highlight other deprecated and insecure practices, such as passive mixed content.

    [​IMG]

    Chrome 40 (Branch point 7 November 2014; Stable after holiday season)



    Sites with end-entity certificates that expire between 1 June 2016 to 31 December 2016 (inclusive), and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”.

    Sites with end-entity certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “neutral, lacking security”.

    The current visual display for “neutral, lacking security” is a blank page icon, and is used in other situations, such as HTTP.

    [​IMG]

    Chrome 41 (Branch point in Q1 2015)



    Sites with end-entity certificates that expire between 1 January 2016 and 31 December 2016 (inclusive), and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”.

    Sites with end-entity certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “affirmatively insecure”. Subresources from such domain will be treated as “active mixed content”.

    The current visual display for “affirmatively insecure” is a lock with a red X, and a red strike-through text treatment in the URL scheme.

    [​IMG]

    Upgrading & Checking your SSL certificates signature algorithm



    The SSL certificate's signature algorithm used is determined at CSR Code and private key creation time - usually done prior to ordering the actual SSL certificate. Usually, the CSR Code and private key can be generated using either SHA-1 or SHA-2 (common subset used is SHA256) signature algorithms.

    For Chromium browser 39+ at least, you'd want to upgrade from SHA-1 to SHA-2 i.e. using SHA256 signature algorithms which would involve regenerating a new CSR Code and private key so contact your SSL certificate provider for instructions or questions. Note, GlobalSign based SSL certificates support reissuing to upgrade to SHA256 so probably most SSL certificate providers can do the same.

    Checking your SSL Certificate's signature algorithm

    You can check to see what signature algorithm you're using via Qualys SSL Labs - Projects / SSL Server Test. If you are creating a new CSR file and private key to order a new SSL certificate, you can check your CSR file is using SHA256 or SHA1 before ordering your SSL certificate using Synmantec's online CSR checker.

    For instance this forum's SSL Wildcard certificate uses SHA256 signature algorithm (SHA256withRSA) and 2048 bit RSA keys. If you used ECC 256 bit SSL key based certificates and SHA256 signatures, then you would see SHA256withECDSA.

    community_ggssl_wildcard_01.png

    You'd also want to check SSLLab's certificate chain to see, for instance the certificate chain certificates either use SHA256 or SHA384 signature hash algorithms. Note: SHA-1-based signatures for trusted root certificates are not a problem because TLS clients trust them by their identity, rather than by the signature of their hash [source].

    ssllabs_ecc_ssl_comodo_trial_01.png

    Or by clicking on your site domain's security indicator and clicking on security certificates details

    community_ggssl_wildcard_00.png


    Additional Information for SHA-1


    Online Tools


     
    Last edited: Nov 8, 2014
  2. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    2:00 AM
    Mainline
    10.2
    Mine :(
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,818
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    4:00 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah it seems that is reason why RapidSSL certificates are limited to 3 year max validity as they use SHA1 signature hash algorithms so any issued RapidSSL certificates this year will in 3yrs time run up to the 2017 deadline for SHA1.
     
  4. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    2:00 AM
    Mainline
    10.2
    So the best approach is ditch Rapidssl and switch to other provider?
    Please recommend, BTW I hate to concatenate 3 cert on unified file :D
     
  5. eva2000

    eva2000 Administrator Staff Member

    53,818
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    4:00 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Don't worry about size of concatenated SSL certificate chain as it's a difference of less than 1.5KB in most cases. You can save that much already with some minor tweaks of your site's main default images via optimisation heh.

    So any SSL certificate other than RapidSSL like Comodo or AlphaSSL but it depends on how you generated the CSR and private key whether it used SHA1 or SHA256 to create them.

    How was your RapidSSL SSL certificate's CSR code and private key generated ?
     
  6. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    2:00 AM
    Mainline
    10.2
  7. eva2000

    eva2000 Administrator Staff Member

    53,818
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    4:00 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  8. eva2000

    eva2000 Administrator Staff Member

    53,818
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    4:00 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    no need to ditch it AFAIK, you could get RapidSSL to reissue with SHA256 I think. Ask them and see what they say :)
     
  9. dorobo

    dorobo Active Member

    420
    104
    43
    Jun 6, 2014
    Ratings:
    +162
    Local Time:
    2:00 AM
    latest
    latest
    This is really good stuff George. Thanks a lot.

    Mine is also sha1 because I generated the CSR without -sha256.
     
  10. eva2000

    eva2000 Administrator Staff Member

    53,818
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    4:00 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    You're welcome :)
     
  11. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    2:00 AM
    Mainline
    10.2
    Change to SHA2 :)
    upload_2014-9-7_19-48-48.png
     
  12. eva2000

    eva2000 Administrator Staff Member

    53,818
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    4:00 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Good stuff (y)
     
  13. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    2:00 AM
    Mainline
    10.2
    Now I solved my domain, but my provider is still using SHA1 :(
    upload_2014-9-7_21-0-16.png
     
  14. eva2000

    eva2000 Administrator Staff Member

    53,818
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    4:00 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    read above first post again ;)

    Anyway, you shouldn't be worried, your certificate expires in 2014 long before 2017
     
  15. BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    12:00 PM
  16. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    2:00 AM
    Mainline
    10.2
  17. eva2000

    eva2000 Administrator Staff Member

    53,818
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    4:00 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Comodo Essential has different chains to Commodo PositiveSSL SSL - How to install an ssl certificate? | Centmin Mod Community - well it should or that info is outdated.

    What certificates do you have ?

    Code:
    » EssentialSSL / Free Certificate
    » Root: AddTrustExternalCARoot.crt
    » Intermediate 1: UTNAddTrustSGCCA.crt
    » Intermediate 2: ComodoUTNSGCCA.crt
    » Intermediate 3: EssentialSSLCA_2.crt
    » End-Entity/Domain Certificate
    
    maybe for Commodo Essential try just root + intermediate3 concatenated ?

    Code:
    cat intermediate3 root > ssl-trusted.crt
     
    Last edited: Sep 11, 2014
  18. rdan

    rdan Well-Known Member

    5,439
    1,399
    113
    May 25, 2014
    Ratings:
    +2,188
    Local Time:
    2:00 AM
    Mainline
    10.2
  19. eva2000

    eva2000 Administrator Staff Member

    53,818
    12,160
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,712
    Local Time:
    4:00 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    no worries, it's confusing that they name them all differently heh
     
  20. BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    12:00 PM

    This is what I used for the trusted one:

    cat EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt > ssl-trusted.crt