
SHA-1 hashing algorithm

Related error

"Use a TLS certificate with the SHA-256 or higher hash algorithm. Modern browsers do not trust certificates that use SHA-1."

Problem

Continued use of SHA-1 certificates puts your clients' sensitive data at risk and will cause browsers to display warnings. Warnings create mistrust when connecting to a site and can cause clients to avoid your site.

Note

A hashing algorithm is used to generate the signature on an SSL certificate. Discovery checks your SSL/TLS certificate as well as its issuing intermediate certificate.

Based on current research and DigiCert recommendations, administrators should replace SHA-1 certificates with SHA-2 certificates as the risks associated with the SHA-1 hashing algorithm are greater than previously expected. While published findings don't appear to present an immediate danger, we encourage administrators to migrate to SHA-2 certificates as soon as possible.

See DigiCert SHA-2 SSL Certificates.

Solution

Reissue, renew, or replace all SHA-1 certificates with SHA-2 certificates. See Switching to SHA-2 for detailed instructions.