SHA1, SHA2 and SHA256 SSL algorithms

Last updated on 28 Sept 2023, 10:32:43.

What is SHA?

SHA (Secure Hash Algorithm) is a family of cryptographic hash algorithms used in SSL to verify the validity of a certificate's signature. Several iterations of SHA have been published: SHA-0, now obsolete and no longer in use; SHA-1, used by the majority of today's certificates; SHA-2, a more secure successor; and SHA-3, introduced in 2012.

The SHA-2 family comes in four possible digest (output) sizes: SHA-224, SHA-256, SHA-384 and SHA-512. SHA-256 is the version most widely adopted by browsers and Certificate Authorities alike, and the terms SHA-2 and SHA-256 are often used interchangeably.

Why is SHA-1 insecure?

Computing power grows exponentially, so the risk keeps increasing that someone could generate a file that produces the same SHA-1 checksum as another file. This phenomenon, known as a collision, would allow an attacker to circumvent SSL security and to issue false certificates. That is why Microsoft and Google, followed by other browser developers, have decided to progressively limit the validity of certificates signed with SHA-1.

How can I obtain a SHA-256 SSL certificate?

Certificate Authorities will cease to issue SHA-1 certificates after December 31, 2014. New certificates requested after that date will be signed exclusively with a SHA-256 signature.

If your certificate is up for renewal, make sure you request a SHA-256 signature when you renew. To guarantee compatibility with older browsers, existing certificates can still be re-issued with a SHA-1 hash. If you have doubts about the compatibility of your equipment with SHA-256, a list of compatible devices can be found on our page on « SHA-256 compatibility ».

If your current SSL certificate has an expiry date set in 2016 or 2017, visitors to your website may encounter security warnings. In that case, your best course is to ask for a re-issue of your certificate in SHA-256. If you ordered your certificate through Kinamo, we'll re-issue it for free.

Nothing's lost even if you're not yet an SSL customer at Kinamo. Many Certificate Authorities offer a competitive deal when you switch away from a competitor, and even allow you to transfer your remaining certificate validity onto a new certificate, sometimes with an extra 30 days of validity for free.

