Featured Chrome browser 39+ sunsetting SHA-1 SSL signatures

Chromium Blog post reports that Chrome 39+ browsers will be downgrading SHA-1 SSL signatures' reported trustworthiness via the security indicator over several Chrome browser versions including 39, 40 and 41.

Chrome 39 (Branch point 26 September 2014)

Sites with end-entity (“leaf”) certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”.

The current visual display for “secure, but with minor errors” is a lock with a yellow triangle, and isused to highlight other deprecated and insecure practices, such as passive mixed content.

Chrome 40 (Branch point 7 November 2014; Stable after holiday season)

Sites with end-entity certificates that expire between 1 June 2016 to 31 December 2016 (inclusive), and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”.

Sites with end-entity certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “neutral, lacking security”.

The current visual display for “neutral, lacking security” is a blank page icon, and is used in other situations, such as HTTP.

Chrome 41 (Branch point in Q1 2015)

Sites with end-entity certificates that expire between 1 January 2016 and 31 December 2016 (inclusive), and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”.

Sites with end-entity certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “affirmatively insecure”. Subresources from such domain will be treated as “active mixed content”.

The current visual display for “affirmatively insecure” is a lock with a red X, and a red strike-through text treatment in the URL scheme.

Upgrading & Checking your SSL certificates signature algorithm

The SSL certificate's signature algorithm used is determined at CSR Code and private key creation time - usually done prior to ordering the actual SSL certificate. Usually, the CSR Code and private key can be generated using either SHA-1 or SHA-2 (common subset used is SHA256) signature algorithms.

For Chromium browser 39+ at least, you'd want to upgrade from SHA-1 to SHA-2 i.e. using SHA256 signature algorithms which would involve regenerating a new CSR Code and private key so contact your SSL certificate provider for instructions or questions. Note, GlobalSign based SSL certificates support reissuing to upgrade to SHA256 so probably most SSL certificate providers can do the same.

Checking your SSL Certificate's signature algorithm

You can check to see what signature algorithm you're using via Qualys SSL Labs - Projects / SSL Server Test. If you are creating a new CSR file and private key to order a new SSL certificate, you can check your CSR file is using SHA256 or SHA1 before ordering your SSL certificate using Synmantec's online CSR checker.

For instance this forum's SSL Wildcard certificate uses SHA256 signature algorithm (SHA256withRSA) and 2048 bit RSA keys. If you used ECC 256 bit SSL key based certificates and SHA256 signatures, then you would see SHA256withECDSA.

You'd also want to check SSLLab's certificate chain to see, for instance the certificate chain certificates either use SHA256 or SHA384 signature hash algorithms. Note: SHA-1-based signatures for trusted root certificates are not a problem because TLS clients trust them by their identity, rather than by the signature of their hash [source].



Or by clicking on your site domain's security indicator and clicking on security certificates details

Additional Information for SHA-1

• Transition from SHA-1 to SHA-2 Certificates | Symantec
  
• How to Manage the SHA-1 Deprecation in SSL Encryption | Symantec Connect
• Transitioning to SHA-256 | GlobalSign SSL Certificate Authority
  
• Google is Sun-Setting SHA-1 in Upcoming Chrome Releases - Entrust, Inc.

Online Tools

• SHAAAAAAAAAAAAA | Check your site for weak SHA-1 certificates. - check your site for weak SHA-1 certificates
• SSLLabs test www.ssllabs.com/ssltest/analyze.html

 

Yeah it seems that is reason why RapidSSL certificates are limited to 3 year max validity as they use SHA1 signature hash algorithms so any issued RapidSSL certificates this year will in 3yrs time run up to the 2017 deadline for SHA1.

 

Don't worry about size of concatenated SSL certificate chain as it's a difference of less than 1.5KB in most cases. You can save that much already with some minor tweaks of your site's main default images via optimisation heh.

So any SSL certificate other than RapidSSL like Comodo or AlphaSSL but it depends on how you generated the CSR and private key whether it used SHA1 or SHA256 to create them.

How was your RapidSSL SSL certificate's CSR code and private key generated ?

 

I updated my Centmin Mod Nginx SPDY SSL guide for more updated instructions under OpenSSL CSR section at Nginx HTTPS / SSL Google SPDY configuration

Also updated above with info if you are creating a new CSR file and private key to order a new SSL certificate, you can check your CSR file is using SHA256 or SHA1 before ordering your SSL certificate using Synmantec's online CSR checker.

 

no need to ditch it AFAIK, you could get RapidSSL to reissue with SHA256 I think. Ask them and see what they say

 

You're welcome

 

Good stuff

 

read above first post again

Anyway, you shouldn't be worried, your certificate expires in 2014 long before 2017

 

Comodo Essential has different chains to Commodo PositiveSSL SSL - How to install an ssl certificate? | Centmin Mod Community - well it should or that info is outdated.

What certificates do you have ?

Code:

» EssentialSSL / Free Certificate
» Root: AddTrustExternalCARoot.crt
» Intermediate 1: UTNAddTrustSGCCA.crt
» Intermediate 2: ComodoUTNSGCCA.crt
» Intermediate 3: EssentialSSLCA_2.crt
» End-Entity/Domain Certificate

maybe for Commodo Essential try just root + intermediate3 concatenated ?

Code:

cat intermediate3 root > ssl-trusted.crt

 

no worries, it's confusing that they name them all differently heh