Facebook, CloudFlare and SHA-1 Fallback

SHA-1 certificates are increasingly insecure, so moves by CloudFlare and Facebook to maintain SHA-1 support may seem counter-intuitive. However, both companies make a case that the secure access of millions of users is at stake.

What Is SHA-2?

SHA-2 (Secure Hash Algorithm 2) refers to a family of cryptographic hash functions that can convert arbitrarily long strings of data into digests of a fixed size (224, 256, 384, or 512 bits). 256-bit SHA-2, also known as SHA-256, is the most often-used version. The digest is commonly displayed as » Continue Reading.

SSL.com Root Certificates

The lists below display the path of trust from the root certificate, through the required intermediate certificates (if any) to the server certificate (which is the certificate you purchased from SSL.com) for each SSL.com product we offer.

SSL.com Announces SHA-2 SSL Support

Microsoft, Google and Mozilla have all announced various plans to stop supporting SHA-1 SSL certificates after January 1, 2017. As a result, SSL.com began issuing SSL certificates using only SHA-2 (aka SHA-256) as the default hashing algorithm starting September 24, 2014. There are no special flags » Continue Reading.

Is SHA1 Considered Weak for SSL?

SHA1 SSL Certificates This is a question we get frequently, so we thought we’d put together a page that explains why some testing sites are starting to flag SHA1 as “weak.” Various SSL Labs sites are available that will give you a rundown of what you’re » Continue Reading.