SHA-1 hashing algorithm

"Use an TLS certificate with the SHA-256 or higher hash algorithm. Modern browsers do not trust certificates that use SHA-1."

Problem

Continued use of SHA-1 certificates puts your clients' sensitive data at risk and will cause browsers to display warnings. Warnings create mistrust when connecting to a site and can cause clients to avoid your site.

Hashing algorithms are used to generate SSL certificates. Discovery checks your SSL/TLS certificate as well as its issuing intermediate certificate.

Based on current research and DigiCert recommendations, administrators should replace their SHA-1 Certificates with SHA-2 Certificates as the risks associated with the SHA-1 hashing algorithm are greater than previously expected. While published findings don't appear to present an immediate danger, we strongly encourage administrators to plan their migration to SHA-2 Certificates as soon as feasibly possible.

To learn more, see DigiCert SHA-2 SSL Certificates.

Solution

Reissue, renew, or replace all of your SHA-1 certificates with a SHA-2 certificate. See Switching to SHA-2 for detailed instructions.