SHA-1 hashing algorithm

"Use a TLS certificate with the SHA-256 or higher hash algorithm. Modern browsers do not trust certificates that use SHA-1."


Continued use of SHA-1 certificates puts your clients' sensitive data at risk and will cause browsers to display warnings. Warnings create mistrust when connecting to a site and can cause clients to avoid your site.

Hashing algorithms are used to generate SSL certificates. Discovery checks your SSL/TLS certificate as well as its issuing intermediate certificate.

Based on current research and DigiCert recommendations, administrators should replace SHA-1 Certificates with SHA-2 Certificates as the risks associated with the SHA-1 hashing algorithm are greater than previously expected. While published findings don't appear to present an immediate danger, we encourage administrators to plan their migration to SHA-2 Certificates as soon as possible.

To learn more, see DigiCert SHA-2 SSL Certificates.


Reissue, renew, or replace all of SHA-1 certificates with SHA-2 certificates. See Switching to SHA-2 for detailed instructions.