MIGRATE TO SHA-2: IMPLICATIONS & NEXT STEPS
Migrate to SHA-2:
implications and next steps
Your speaker today:
Bhavik Kapadia
Web Security Consultant
Part 1: What is SHA?
Part 2: Why the deprecation?
Part 3: Switching to SHA-2
PART 1
What is SHA?
WHAT IS SHA?
SHA = Secure Hash Algorithm
• Hashing algorithm
A cryptographic hash function that transforms an input (message) into an output (hash value) with a certain number of bits.
• You apply the hash algorithm to a message and it gives you a unique string called a fingerprint, digest or hash value.
• What it is used for:
  - integrity and authenticity of a message for the receiver
  - identity validation during the SSL process
• Several generations of hashing algorithms…
e.g. MD5 (obsolete)
WHAT IS SHA?
HOW IT WORKS
• Whatever the number of times you apply the hash algorithm on this message, the hash value will always be the same.
• Change one single character, and the hash value becomes completely different.
"Web Security Specialist" → Hashing process → 8537 1ca6 ht5f3
"Website Security Specialists" → Hashing process → 5e83 1rt6 ed60
"Website Security SpecialistE" → Hashing process → 3a09 e8f8 fdf6
You can’t invert this hash function! You can’t recreate the message from its hash value = ONE-WAY CRYPTOGRAPHIC ALGORITHM
WHAT IS SHA-1?
SHA-1 = a version of SHA algorithm producing 160-bit hash values.
8537 1ca6 e550 143d ce28 0347 1bde 3a09 e8f8 770f
Example of a SHA-1 hash value
Most certificates today include a digital signature based on the SHA-1
hashing algorithm.
WHAT IS SHA-2?
SHA-2 = another version of the SHA algorithm. It works with 6 hash algorithms which produce different sizes of hash values:
SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
SHA-256 = SHA-2, producing 256-bit hash values.
Example of a SHA-256 hash value:
e3b0 c442 98fc 1c14 9afb f4c8 996f b924 27ae 41e4 649b 934c a495 991b 7852 b855
PART 2
Why the deprecation?
WEAKNESSES
Reminder: SHA is a one-way cryptographic algorithm.
Collision Attack
• What is it?
An attempt to find two messages which produce the same hash value.
• How can it happen?
Hash functions accept inputs of infinite length but produce an output of predefined length, which can lead to collisions.
• What are the consequences?
  - Increased risk of Man-in-the-Middle attacks
  - Decreased integrity of SSL certificates
WEAKNESSES
The algorithms before SHA-2:
• MD5: previous hash algorithm, not resistant to collisions in practice
• SHA-1: proven not resistant to collisions in theory
Hash value lengths:
• MD5 hash value length (128-bit): 9e10 7d9d 372b b682 6bd8 1d35 42a4 19d6
• SHA-1 hash value length (160-bit): 8537 1ca6 e550 143d ce28 0347 1bde 3a09 e8f8 770f
• SHA-256 hash value length (256-bit): e3b0 c442 98fc 1c14 9afb f4c8 996f b924 27ae 41e4 649b 934c a495 991b 7852 b855
Solution? SHA-2: bigger hash value
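The two slides above argue that a fixed output length makes collisions possible and that a longer hash value is the remedy. The following added example (not part of the original slides) makes that measurable: it truncates SHA-256 to a chosen number of bits and runs a birthday search over constructed counter messages, so the number of attempts needed can be compared across output lengths. The function names and the message format are assumptions made for this illustration.

```python
import hashlib


def digest_bits(algo: str) -> int:
    """Output length of a hash algorithm in bits (160 for SHA-1, 256 for SHA-256)."""
    return hashlib.new(algo).digest_size * 8


def bit_difference(a: bytes, b: bytes, algo: str = "sha256") -> int:
    """Number of output bits that differ between the digests of two messages."""
    da = int.from_bytes(hashlib.new(algo, a).digest(), "big")
    db = int.from_bytes(hashlib.new(algo, b).digest(), "big")
    return bin(da ^ db).count("1")


def truncated(message: bytes, bits: int, algo: str = "sha256") -> int:
    """Keep only the first `bits` bits of the digest, simulating a shorter hash."""
    full = int.from_bytes(hashlib.new(algo, message).digest(), "big")
    return full >> (digest_bits(algo) - bits)


def find_collision(bits: int, algo: str = "sha256"):
    """Birthday search: hash distinct messages until two share a truncated value.

    Returns (first_message, second_message, attempts). With a `bits`-bit output
    a collision is guaranteed within 2**bits + 1 attempts (pigeonhole) and is
    expected after roughly 2**(bits / 2).
    """
    seen = {}
    attempts = 0
    while True:
        message = b"constructed-message-%d" % attempts  # constructed sample input
        attempts += 1
        value = truncated(message, bits, algo)
        if value in seen:
            return seen[value], message, attempts
        seen[value] = message


if __name__ == "__main__":
    # One changed character flips about half of the output bits.
    a, b = b"Website Security Specialists", b"Website Security SpecialistE"
    print("bits changed:", bit_difference(a, b), "of", digest_bits("sha256"))
    # Each extra 8 bits of output multiplies the expected search cost by about 16.
    for bits in (8, 16, 24):
        first, second, attempts = find_collision(bits)
        print(bits, "bit hash: collision after", attempts, "attempts")
```

The same square-root relationship is why a 160-bit value offers about 80 bits of collision resistance at best and a 256-bit value about 128.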
DEADLINES
• January 1st 2017
  - Microsoft Operating Systems will stop trusting any SHA-1 SSL certificate
  - Web browsers will do the same
• Consequences?
Any user trying to connect to a website using a SHA-1 certificate will get the following warning message: [screenshot]
DEADLINES
CERTIFICATION AUTHORITIES (CAs)
• January 1st 2016
Following Microsoft’s decision, all CAs will stop issuing SHA-1 certificates after this date.
DEADLINES
• In 2014 Google announced Chrome would display warning icons on websites using SHA-1 certificates.
• Warning icon varies according to…
  - the expiration date of the SHA-1 certificate
  - the version of Chrome
ON CHROME 40 & 41
Since February and March 2015, for SHA-1 certificates expiring…
• … between June 1st, 2016 - December 31st, 2016: Secured but with minor errors
• … after January 1st, 2017: Neutral, lacking security
DEADLINES
ON CHROME 42
Starting from April the 14th 2015 (estimated date), for SHA-1 certificates expiring…
• … between June 1st, 2016 - December 31st, 2016: Secured but with minor errors
• … after January 1st, 2017: Affirmatively insecure
DEADLINES
If an SSL certificate using SHA-1 expires after June 1st, 2016, users will see:
• Secured, but with minor errors
• Neutral, lacking security
• Affirmatively insecure
DEADLINES
Example of what Chrome’s users will see.
Instead of…
SWITCHING TO SHA-2 IS ESSENTIAL
If you don’t …
• Visual alerts
• Negative users’ reactions
It has an impact on…
• All companies
• All types of certificates (DV, OV, EV, Wildcard, Multi-Domains, for internal and external applications)
It is the new security standard:
• US NIST Guidance
• PCI DSS Compliance
PART 3
Switching to SHA-2
PLANNING YOUR MIGRATION
1. Identify SHA-1 certificates
2. Check your server/browser compatibility
3. Prioritise the SHA-1 certificates
4. Switch to SHA-2 with SSL247®
5. Install your SHA-2 certificates
6. Test your new certificates
1. IDENTIFY SHA-1 CERTIFICATES
3 ways to do it…
• Use our SHA-1 Checker: https://www.ssl247.co.uk/ssl-tools/sha1-checker
1. IDENTIFY SHA-1 CERTIFICATES
• If you are already a client, use your MySSL® platform
1. IDENTIFY SHA-1 CERTIFICATES
• Or simply check on your browser
2. CHECK SERVER/BROWSER COMPATIBILITY
• As a general rule, SHA-256 is supported on Windows XP SP3+ and OS X 10.5+
• Use our online whitepaper to check browser compatibility!
https://www.ssl247.co.uk/kb/ssl-certificates/generalinformation/sha2-compatibility-browsers-os
Note: If your server is not compatible, you should consider upgrading
3. PRIORITISE THE SHA-1 CERTIFICATES
If you have a lot of certificates, try to prioritise them according to:
• The expiration date…
Focus on the certificates with the latest expiration date first!
• The level of urgency…
Focus on public facing sites first!
• The transition time…
Check how much time you need to prepare the transition (e.g. server compatibility issues)
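The identification and prioritisation steps above can also be scripted. The following added example (not from the original slides and not an SSL247® tool) reads the signature algorithm and notAfter date straight from a DER-encoded certificate, maps each SHA-1 certificate to the indicator given on the Chrome 42 slide, and sorts the SHA-1 certificates latest expiration first. The host names are hypothetical and the sample inputs are constructed skeletal DER structures rather than real certificates; the cut-off dates are the ones stated on the slides.

```python
from datetime import date

# Signature-algorithm OIDs mapped to the hash used in the certificate signature
SIG_HASH = {
    "1.2.840.113549.1.1.4": "MD5",       # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "SHA-1",     # sha1WithRSAEncryption
    "1.2.840.10045.4.1": "SHA-1",        # ecdsa-with-SHA1
    "1.2.840.113549.1.1.11": "SHA-256",  # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "SHA-384",  # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": "SHA-512",  # sha512WithRSAEncryption
    "1.2.840.10045.4.3.2": "SHA-256",    # ecdsa-with-SHA256
}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) of the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    items, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        items.append((tag, body))
    return items

def decode_oid(body):
    """Dotted form of an OID; the first byte packs the first two arcs."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def inspect_certificate(der):
    """Return (signature hash, notAfter date) of a DER-encoded X.509 certificate."""
    tag, cert, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tbs, sig_alg = children(cert)[:2]  # tbsCertificate, signatureAlgorithm
    oid = decode_oid(children(sig_alg[1])[0][1])
    fields = children(tbs[1])
    if fields[0][0] == 0xA0:  # optional explicit [0] version
        fields = fields[1:]
    tag, raw = children(fields[3][1])[1]  # serial, signature, issuer, validity -> notAfter
    text = raw.decode("ascii")
    if tag == 0x17:  # UTCTime YYMMDD...; RFC 5280 reads YY >= 50 as 19YY
        year, text = int(text[:2]), text[2:]
        year += 1900 if year >= 50 else 2000
    else:  # GeneralizedTime YYYYMMDD...
        year, text = int(text[:4]), text[4:]
    return SIG_HASH.get(oid, "unknown " + oid), date(year, int(text[:2]), int(text[2:4]))

def chrome42_indicator(sig_hash, not_after):
    """Indicator from the Chrome 42 slide; the cut-off dates are the slides' own."""
    if sig_hash != "SHA-1":
        return "Not a SHA-1 certificate"
    if not_after >= date(2017, 1, 1):
        return "Affirmatively insecure"
    if not_after >= date(2016, 6, 1):
        return "Secured but with minor errors"
    return "No SHA-1 warning"

def prioritise(inventory):
    """SHA-1 certificates only, latest expiration date first, as the slide advises."""
    rows = [(host, *inspect_certificate(der)) for host, der in inventory]
    rows = sorted((r for r in rows if r[1] == "SHA-1"), key=lambda r: r[2], reverse=True)
    return [(host, exp, chrome42_indicator(alg, exp)) for host, alg, exp in rows]

# Constructed sample data: skeletal DER structures, not real certificates.
def tlv(tag, content):
    assert len(content) < 0x80  # short-form lengths are enough for the samples
    return bytes([tag, len(content)]) + content

def sample_certificate(sig_oid, not_after):
    alg = tlv(0x30, tlv(0x06, sig_oid) + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"150301000000Z") + tlv(0x17, not_after))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + tlv(0x30, b"") + validity + tlv(0x30, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00\x00"))

SHA1_RSA = bytes.fromhex("2a864886f70d010105")
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")
INVENTORY = [  # hypothetical hosts
    ("intranet.example.test", sample_certificate(SHA1_RSA, b"160901000000Z")),
    ("www.example.test", sample_certificate(SHA1_RSA, b"170315000000Z")),
    ("shop.example.test", sample_certificate(SHA256_RSA, b"170315000000Z")),
    ("legacy.example.test", sample_certificate(SHA1_RSA, b"151231000000Z")),
]
```

For real certificates, convert PEM to DER first (for example with `ssl.PEM_cert_to_DER_cert` from the standard library) and pass the bytes to `inspect_certificate`.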
4. SWITCHING TO SHA-2 WITH SSL247®
3 ways to switch to SHA-2:
• Renew
• Competitive replacement
• Reissue
Reissuing with SSL247® is free of charge, quick and easy, and requires little effort on your part!
SWITCHING TO SHA-2 WITH SSL247®
REISSUING ON MySSL®
REISSUING ON MySSL®
Quickly reissue your SSL certificate in 2 steps with SSL247®
How? Through the MySSL® platform: https://www.ssl247.co.uk/myssl/login
To access your SSL certificate products, use the left-hand side panel of the platform.
REISSUING ON MySSL®
STEP 1: Generate a new CSR (Certificate Signing Request)
Note: Use the same CSR information you originally used for the certificate
If you do not remember your CSR information, retrieve it through your MySSL® platform: click on "download existing CSR"
REISSUING ON MySSL®
Copy-paste the downloaded existing CSR into our CSR decoder:
https://www.ssl247.co.uk/support/tools/csr-decoder
To access all our Support tools
REISSUING ON MySSL®
Use the information from the CSR decoder to generate a new CSR:
https://www.ssl247.co.uk/kb/ssl-certificates/generate-csr
To access our CSR generation tutorials
REISSUING ON MySSL®
STEP 2: Reissuing the certificate
Once you have the right CSR, go back to the certificate page on your MySSL® platform:
At the bottom, copy-paste the new CSR in the reissuing field and validate.
REISSUING ON MySSL®
Find this easy 2-step process in our dedicated tutorial!
https://www.ssl247.co.uk/kb/myssl-guide/SHA-2-reissue
5. INSTALL YOUR SHA-2 CERTIFICATES
Once you receive your SHA-2 certificate via email:
• Use our tutorials to guide you
https://www.ssl247.co.uk/kb/ssl-certificates/install
• Remember to install your SHA-2 intermediate certificate
https://www.ssl247.co.uk/support/download-roots-intermediates
Note: there is nothing to change for the root certificates.
6. TEST YOUR NEW CERTIFICATES
• Check your installation with our…
  - Certificate decoder: https://www.ssl247.co.uk/ssl-tools/certificate-decoder
  - Health checkers: https://www.ssl247.co.uk/support/tools/health-checkers
To access all our Support tools
USEFUL LINKS
• Identify SHA-1 certificates
  - SHA-1 Checker: https://www.ssl247.co.uk/ssl-tools/sha1-checker
• Check server/browser compatibility
  - Whitepaper: https://www.ssl247.co.uk/kb/ssl-certificates/generalinformation/sha2-compatibility-browsers-os
• Switching to SHA-2 with SSL247®
  - MySSL®: https://www.ssl247.co.uk/myssl/login
  - CSR decoder: https://www.ssl247.co.uk/support/tools/csr-decoder
  - CSR tutorial: https://www.ssl247.co.uk/kb/ssl-certificates/generate-csr
  - Reissue with SHA-2 tutorial: https://www.ssl247.co.uk/kb/myssl-guide/SHA-2-reissue
• Install your SHA-2 certificates
  - Install your certificate tutorials: https://www.ssl247.co.uk/kb/ssl-certificates/install
  - Download root & Intermediate certificates: https://www.ssl247.co.uk/support/download-roots-intermediates
• Test your new certificates
  - Health checkers: https://www.ssl247.co.uk/support/tools/health-checkers
  - Certificate decoder: https://www.ssl247.co.uk/ssl-tools/certificate-decoder
• More information: https://www.ssl247.co.uk/migrate-to-sha2
Please note that these links are also available on our other websites (www.SSL247.fr, www.SSL247.es, www.SSL247.se, etc.)
Questions & Answers
FREQUENTLY ASKED QUESTIONS
1. When I reissue my certificate in SHA-2 do you revoke my old
certificate right away?
No. We do not revoke your old certificate. You just need to install the
new re-issued certificate in SHA-2.
2. Is my server XP SP3 compatible with SHA-2?
Yes. Your server XP SP3 is compatible with SHA-2. If you have any
doubts regarding the compatibility with your browser/server be sure
to check the whitepaper:
https://www.ssl247.co.uk/kb/ssl-certificates/generalinformation/sha2-compatibility-browsers-os
Thank you for your attention!
With SSL247®, you don’t have to wait to protect your Online Business Continuity
info@SSL247.co.uk - 0203 740 5927 (London office) - www.SSL247.co.uk

More Related Content

Viewers also liked

2.disposition.lec2 b.current.slideshare
2.disposition.lec2 b.current.slideshare2.disposition.lec2 b.current.slideshare
2.disposition.lec2 b.current.slidesharebealc
 
The very last room
The very last roomThe very last room
The very last roomakram75015
 
Tablet hotels power point
Tablet hotels power pointTablet hotels power point
Tablet hotels power pointakram75015
 
Effect of Laser Peening on the life of failure mode of a cold pilger die
Effect of Laser Peening on the life of failure mode of a cold pilger dieEffect of Laser Peening on the life of failure mode of a cold pilger die
Effect of Laser Peening on the life of failure mode of a cold pilger dieLSP Technologies
 
Connecting Women in LinkedIn
Connecting Women in LinkedInConnecting Women in LinkedIn
Connecting Women in LinkedIn♛ Selina Power
 
Architektura nowoczesnej platformy analitycznej wspierającej kompleksowe zar...
Architektura nowoczesnej platformy analitycznej wspierającej kompleksowe zar...Architektura nowoczesnej platformy analitycznej wspierającej kompleksowe zar...
Architektura nowoczesnej platformy analitycznej wspierającej kompleksowe zar...Patryk Choros
 
Kreatinet webdesign magazin 2012 július
Kreatinet webdesign magazin 2012 júliusKreatinet webdesign magazin 2012 július
Kreatinet webdesign magazin 2012 júliusczirakib
 

Viewers also liked (11)

2.disposition.lec2 b.current.slideshare
2.disposition.lec2 b.current.slideshare2.disposition.lec2 b.current.slideshare
2.disposition.lec2 b.current.slideshare
 
Dennis presentation
Dennis presentationDennis presentation
Dennis presentation
 
The very last room
The very last roomThe very last room
The very last room
 
Immune system 2
Immune system 2Immune system 2
Immune system 2
 
Tablet hotels power point
Tablet hotels power pointTablet hotels power point
Tablet hotels power point
 
LSP
LSPLSP
LSP
 
Effect of Laser Peening on the life of failure mode of a cold pilger die
Effect of Laser Peening on the life of failure mode of a cold pilger dieEffect of Laser Peening on the life of failure mode of a cold pilger die
Effect of Laser Peening on the life of failure mode of a cold pilger die
 
Connecting Women in LinkedIn
Connecting Women in LinkedInConnecting Women in LinkedIn
Connecting Women in LinkedIn
 
Dapan toan ueh2013_v2
Dapan toan ueh2013_v2Dapan toan ueh2013_v2
Dapan toan ueh2013_v2
 
Architektura nowoczesnej platformy analitycznej wspierającej kompleksowe zar...
Architektura nowoczesnej platformy analitycznej wspierającej kompleksowe zar...Architektura nowoczesnej platformy analitycznej wspierającej kompleksowe zar...
Architektura nowoczesnej platformy analitycznej wspierającej kompleksowe zar...
 
Kreatinet webdesign magazin 2012 július
Kreatinet webdesign magazin 2012 júliusKreatinet webdesign magazin 2012 július
Kreatinet webdesign magazin 2012 július
 

Similar to Webinar March 2015 - Migrate to SHA-2: implications & next steps

Ssl247® SHA-2 timeline and compatibility
Ssl247®   SHA-2 timeline and compatibilitySsl247®   SHA-2 timeline and compatibility
Ssl247® SHA-2 timeline and compatibilitySSL247®
 
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideSwitch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideEntrust Datacard
 
[Cluj] Turn SSL ON
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ONOWASP EEE
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
Symantec® Secure Site Pro SHA-1 Private - One Step Solution for Applications ...
Symantec® Secure Site Pro SHA-1 Private - One Step Solution for Applications ...Symantec® Secure Site Pro SHA-1 Private - One Step Solution for Applications ...
Symantec® Secure Site Pro SHA-1 Private - One Step Solution for Applications ...The SSL Store™
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL EnglishSSL247®
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceAlgoSec
 
Payments Security – Vital Information all Payment Processors need to know
Payments Security – Vital Information all Payment Processors need to knowPayments Security – Vital Information all Payment Processors need to know
Payments Security – Vital Information all Payment Processors need to knowCASCouncil
 
Indianapolis mule soft_meetup_30_jan_2021 (1)
Indianapolis mule soft_meetup_30_jan_2021 (1)Indianapolis mule soft_meetup_30_jan_2021 (1)
Indianapolis mule soft_meetup_30_jan_2021 (1)ikram_ahamed
 
presentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdfpresentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdfGumanSingh10
 
Key implications of PCI DSS v3.1 update
Key implications of PCI DSS v3.1 updateKey implications of PCI DSS v3.1 update
Key implications of PCI DSS v3.1 updateAjay Unni
 
SEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth SytianSEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth SytianGlen Dimaandal
 

Similar to Webinar March 2015 - Migrate to SHA-2: implications & next steps (20)

Ssl247® SHA-2 timeline and compatibility
Ssl247®   SHA-2 timeline and compatibilitySsl247®   SHA-2 timeline and compatibility
Ssl247® SHA-2 timeline and compatibility
 
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideSwitch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
 
[Cluj] Turn SSL ON
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ON
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
 
Symantec® Secure Site Pro SHA-1 Private - One Step Solution for Applications ...
Symantec® Secure Site Pro SHA-1 Private - One Step Solution for Applications ...Symantec® Secure Site Pro SHA-1 Private - One Step Solution for Applications ...
Symantec® Secure Site Pro SHA-1 Private - One Step Solution for Applications ...
 
Secure socket later
Secure socket laterSecure socket later
Secure socket later
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL English
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL Practices
 
SSL overview
SSL overviewSSL overview
SSL overview
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssl
 
SSL.ppt
SSL.pptSSL.ppt
SSL.ppt
 
Payments Security – Vital Information all Payment Processors need to know
Payments Security – Vital Information all Payment Processors need to knowPayments Security – Vital Information all Payment Processors need to know
Payments Security – Vital Information all Payment Processors need to know
 
Indianapolis mule soft_meetup_30_jan_2021 (1)
Indianapolis mule soft_meetup_30_jan_2021 (1)Indianapolis mule soft_meetup_30_jan_2021 (1)
Indianapolis mule soft_meetup_30_jan_2021 (1)
 
Mcse
McseMcse
Mcse
 
SSL
SSLSSL
SSL
 
presentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdfpresentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdf
 
Key implications of PCI DSS v3.1 update
Key implications of PCI DSS v3.1 updateKey implications of PCI DSS v3.1 update
Key implications of PCI DSS v3.1 update
 
SEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth SytianSEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth Sytian
 

More from SSL247®

Webinar SSL Français
Webinar SSL FrançaisWebinar SSL Français
Webinar SSL FrançaisSSL247®
 
Flyer domains names English
Flyer domains names EnglishFlyer domains names English
Flyer domains names EnglishSSL247®
 
Flyer noms de domaine
Flyer noms de domaineFlyer noms de domaine
Flyer noms de domaineSSL247®
 
Flyer certificats ssl
Flyer certificats sslFlyer certificats ssl
Flyer certificats sslSSL247®
 
Flyer MySSL
Flyer MySSLFlyer MySSL
Flyer MySSLSSL247®
 
Noms de Domaine
Noms de DomaineNoms de Domaine
Noms de DomaineSSL247®
 
Signatures Electroniques
Signatures ElectroniquesSignatures Electroniques
Signatures ElectroniquesSSL247®
 
SSL247 - Symantec Partner Success
SSL247 - Symantec Partner SuccessSSL247 - Symantec Partner Success
SSL247 - Symantec Partner SuccessSSL247®
 

More from SSL247® (8)

Webinar SSL Français
Webinar SSL FrançaisWebinar SSL Français
Webinar SSL Français
 
Flyer domains names English
Flyer domains names EnglishFlyer domains names English
Flyer domains names English
 
Flyer noms de domaine
Flyer noms de domaineFlyer noms de domaine
Flyer noms de domaine
 
Flyer certificats ssl
Flyer certificats sslFlyer certificats ssl
Flyer certificats ssl
 
Flyer MySSL
Flyer MySSLFlyer MySSL
Flyer MySSL
 
Noms de Domaine
Noms de DomaineNoms de Domaine
Noms de Domaine
 
Signatures Electroniques
Signatures ElectroniquesSignatures Electroniques
Signatures Electroniques
 
SSL247 - Symantec Partner Success
SSL247 - Symantec Partner SuccessSSL247 - Symantec Partner Success
SSL247 - Symantec Partner Success
 

Recently uploaded

Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 

Recently uploaded (20)

Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 

Webinar March 2015 - Migrate to SHA-2: implications & next steps

  • 1. MIGRATE TO SHA -2 : IMPLICATIONS & NEXT STEPS
  • 2. Migrate to SHA-2: implications and next steps Your speaker today: Bhav ik Kapadia Web Secu rity Co n su ltan t Part 1 W h a t i s S H A ? Part 2 W h y t h e d e p r e c a t i o n ? Part 3 S w i t c h i n g t o S H A - 2 2
  • 3. Migrate to SHA-2: implications and next steps PART 1 What is SHA? 3
  • 4. Migrate to SHA-2: implications and next steps WHAT IS SHA? • Hashing algorithm Cryptographic hash function to transform an input (message) into an output (hash value) with a certain number of bits. Secure Hash Algorithm • You apply the hash algorithm on a message and it gives you a unique string called fingerprint, digest or hash value. The interest  integrity and authenticity of a message to the receiver  identity validation during the SSL process • Several generations of hashing algorithms… e.g: MD5 (obsolete) 4
  • 5. Migrate to SHA-2: implications and next steps WHAT IS SHA? • Whatever the number of times you apply the hash algorithm on this message, the hash value will always be the same: • Change one single character, and the hash value becomes completely different: "Website Security SpecialistE" 3a09 e8f8 fdf6 "Web Security Specialist" 8537 1ca6 ht5f3 "Website Security Specialists" Hashing process 5e83 1rt6 ed60 You can’t invert this hash function! You can’t recreate the message from its hash value = ONE-WAY CRYPTOGRAPHIC ALGORITHM Hashing process Hashing process HOW IT WORKS 5
  • 6. Migrate to SHA-2: implications and next steps WHAT IS SHA-1? SHA-1 = a version of SHA algorithm producing 160-bit hash values. 8537 1ca6 e550 143d ce28 0347 1bde 3a09 e8f8 770f Example of a SHA-1 hash value Most certificates today include a digital signature based on the SHA-1 hashing algorithm. 6
  • 7. Migrate to SHA-2: implications and next steps WHAT IS SHA-2? SHA-2 = another version of SHA algorithm. It works with 6 hash algorithms which produce different sizes of hash values: SHA-256 = SHA-2. Producing 256-bit hash values. SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256 E3b0 c442 98fc 1c14 9afb f4c8 996f b924 27ae 41e4 649b 934c a495 991b 7852 b855 Example of a SHA-256 hash value 7
  • 8. PART 2: Why the deprecation?
  • 9. WEAKNESSES REMINDER: Collision Attack
      • What is it? An attempt to find two messages which produce the same hash value.
      • How can it happen? Hash functions have infinite input length & a predefined output length which can lead to collisions.
      • What are the consequences?
          - Increase risks of Man-In-the-Middle attacks
          - Decrease the integrity of SSL certificates
      • SHA is a one-way cryptographic algorithm.
  • 10. WEAKNESSES: The algorithms before SHA-2
      • MD5: previous hash algorithm, not resistant to collisions in practice
      • SHA-1: proven not resistant to collisions in theory
      • SHA-1 hash value length (160-bit): 8537 1ca6 e550 143d ce28 0347 1bde 3a09 e8f8 770f
      • SHA-256 hash value length (256-bit): E3b0 c442 98fc 1c14 9afb f4c8 996f b924 27ae 41e4 649b 934c a495 991b 7852 b855
      • MD5 hash value length (128-bit): 9e10 7d9d 372b b682 6bd8 1d35 42a4 19d6
      • Solution? SHA-2: bigger hash value
  • 11. DEADLINES
      • January 1st 2017:
          - Microsoft Operating Systems will stop trusting any SHA-1 SSL certificate
          - Web browsers will do the same
      • Consequences? Any user trying to connect to a website using a SHA-1 certificate will get the following warning message:
  • 12. DEADLINES: CERTIFICATION AUTHORITIES (CAs)
      • January 1st 2016: Following MICROSOFT’s decision, all CAs will stop issuing SHA-1 certificates after this date.
  • 13. DEADLINES: ON CHROME 40 & 41
      • In 2014 Google announced Chrome would display warning icons on websites using SHA-1 certificates.
      • Warning icon varies according to…
          - the expiration date of the SHA-1 certificate
          - the version of Chrome
      • Since February and March 2015, for SHA-1 certificates expiring…
          - … between June 1st, 2016 - December 31st, 2016: Secured but with minor errors
          - … after January 1st, 2017: Neutral, lacking security
  • 14. DEADLINES: ON CHROME 42
      • Starting from April 14th, 2015 (estimated date), for SHA-1 certificates expiring…
          - … between June 1st, 2016 - December 31st, 2016: Secured but with minor errors
          - … after January 1st, 2017: Affirmatively insecure
  • 15. DEADLINES: If an SSL certificate using SHA-1 expires after June 1st, 2016, users will see:
      • Secured, but with minor errors
      • Neutral, lacking security
      • Affirmatively insecure
  • 16. DEADLINES: Example of what Chrome’s users will see. Instead of…
  • 17. SWITCHING TO SHA-2 IS ESSENTIAL
      • It is the new security standard:
          - US NIST Guidance
          - PCI DSS Compliance
      • It has an impact on…
          - All companies
          - All types of certificates (DV, OV, EV, Wildcard, Multi-Domains, for internal and external applications)
      • If you don’t…
          - Visual alerts
          - Negative users’ reactions
  • 18. PART 3: Switching to SHA-2
  • 19. PLANNING YOUR MIGRATION
      1. Identify SHA-1 certificates
      2. Check your server/browser compatibility
      3. Prioritise the SHA-1 certificates
      4. Switch to SHA-2 with SSL247®
      5. Install your SHA-2 certificates
      6. Test your new certificates
  • 20. Step 1: IDENTIFY SHA-1 CERTIFICATES. 3 ways to do it…
      • Use our SHA-1 Checker: https://www.ssl247.co.uk/ssl-tools/sha1-checker
  • 21. Step 1: IDENTIFY SHA-1 CERTIFICATES
      • If you are already a client, use your MySSL® platform
  • 22. Step 1: IDENTIFY SHA-1 CERTIFICATES
      • Or simply check on your browser
  • 23. Step 2: CHECK SERVER/BROWSER COMPATIBILITY
      • As a general rule, SHA-256 is supported on Windows XP SP3+ and OS X 10.5+
      • Use our online whitepaper to check browser compatibility! https://www.ssl247.co.uk/kb/ssl-certificates/generalinformation/sha2-compatibility-browsers-os
      • Note: If your server is not compatible, you should consider upgrading
  • 24. Step 3: PRIORITISE THE SHA-1 CERTIFICATES. If you have a lot of certificates, try to prioritise them according to:
      • The expiration date… Focus on the certificates with the latest expiration date first!
      • The level of urgency… Focus on public facing sites first!
      • The transition time… Check how much time you need to prepare the transition (e.g. server compatibility issues)
  • 25. Step 4: SWITCHING TO SHA-2 WITH SSL247®. 3 ways to switch to SHA-2:
      • Renew
      • Competitive replacement
      • Reissue
      Reissuing with SSL247® is free of charge, quick and easy, and requires little work on your part!
  • 26. SWITCHING TO SHA-2 WITH SSL247®: REISSUING ON MySSL®
  • 27. REISSUING ON MySSL®: Quickly reissue your SSL certificate in 2 steps with SSL247®. How? Through MySSL® platform: https://www.ssl247.co.uk/myssl/login. To access your SSL certificates products, use the left-hand side panel of the platform.
  • 28. REISSUING ON MySSL®, STEP 1: Generate a new CSR (Certificate Signing Request). Note: Use the same CSR information you originally used for the certificate. If you do not remember your CSR information, retrieve it through your MySSL® platform: click on "download existing CSR".
  • 29. REISSUING ON MySSL®: Copy-paste the downloaded existing CSR in our CSR decoder (to access all our Support tools): https://www.ssl247.co.uk/support/tools/csr-decoder
  • 30. REISSUING ON MySSL®: Use the information from the CSR decoder to generate a new CSR (to access our CSR generation tutorials): https://www.ssl247.co.uk/kb/ssl-certificates/generate-csr
  • 31. REISSUING ON MySSL®, STEP 2: Reissuing the certificate. Once you have the right CSR, go back to the certificate page on your MySSL® platform. At the bottom, copy-paste the new CSR in the reissuing field and validate.
  • 32. REISSUING ON MySSL®: Find this easy 2-step process in our dedicated tutorial! https://www.ssl247.co.uk/kb/myssl-guide/SHA-2-reissue
  • 33. Step 5: INSTALL YOUR SHA-2 CERTIFICATES. Once you receive your SHA-2 certificate via email:
      • Use our tutorials to guide you: https://www.ssl247.co.uk/kb/ssl-certificates/install
      • Remember to install your SHA-2 intermediate certificate: https://www.ssl247.co.uk/support/download-roots-intermediates
      • Note: there is nothing to change for the root certificates.
  • 34. Step 6: TEST YOUR NEW CERTIFICATES
      • Check your installation with our…
          - Certificate decoder: https://www.ssl247.co.uk/ssl-tools/certificate-decoder
          - Health checkers (to access all our Support tools): https://www.ssl247.co.uk/support/tools/health-checkers
  • 35. USEFUL LINKS
      • Identify SHA-1 certificates
          - SHA-1 Checker: https://www.ssl247.co.uk/ssl-tools/sha1-checker
      • Check server/browser compatibility
          - Whitepaper: https://www.ssl247.co.uk/kb/ssl-certificates/generalinformation/sha2-compatibility-browsers-os
      • Switching to SHA-2 with SSL247®
          - MySSL®: https://www.ssl247.co.uk/myssl/login
          - CSR decoder: https://www.ssl247.co.uk/support/tools/csr-decoder
          - CSR tutorial: https://www.ssl247.co.uk/kb/ssl-certificates/generate-csr
          - Reissue with SHA-2 tutorial: https://www.ssl247.co.uk/kb/myssl-guide/SHA-2-reissue
      • Install your SHA-2 certificates
          - Install your certificate tutorials: https://www.ssl247.co.uk/kb/ssl-certificates/install
          - Download root & intermediate certificates: https://www.ssl247.co.uk/support/download-roots-intermediates
      • Test your new certificates
          - Health checkers: https://www.ssl247.co.uk/support/tools/health-checkers
          - Certificate decoder: https://www.ssl247.co.uk/ssl-tools/certificate-decoder
      • More information: https://www.ssl247.co.uk/migrate-to-sha2
      Please note that these links are also available on our other websites (www.SSL247.fr, www.SSL247.es, www.SSL247.se, etc.)
  • 36. Questions & Answers
  • 37. FREQUENTLY ASKED QUESTIONS
      1. When I reissue my certificate in SHA-2 do you revoke my old certificate right away? No. We do not revoke your old certificate. You just need to install the new re-issued certificate in SHA-2.
      2. Is my server XP SP3 compatible with SHA-2? Yes. Your server XP SP3 is compatible with SHA-2. If you have any doubts regarding the compatibility with your browser/server be sure to check the whitepaper: https://www.ssl247.co.uk/kb/ssl-certificates/generalinformation/sha2-compatibility-browsers-os
  • 38. Thank you for your attention! With SSL247®, you don’t have to wait to protect your Online Business Continuity. info@SSL247.co.uk - 0203 740 5927 (London office) - www.SSL247.co.uk