Strictly speaking, this development is not new. The first signs of weaknesses in SHA-1 appeared (almost) ten years ago.
In 2012, some calculations showed how breaking SHA-1 is becoming feasible for those who can afford it. In November 2013, Microsoft announced that they wouldn't be accepting SHA-1 certificates after 2016. However, we are in a bit of a panic now because Google followed up to say that they will soon start penalising sites that use SHA-1 certificates that expire during 2016 and after. This is a major policy change that requires immediate action: according to SSL Pulse, only 15% of sites use SHA256 certificates as of September 2014.
What you should do

Before this most recent development, the advice was very simple: don't use SHA-1 certificates past 2016. Google's decision implies it is no longer safe to use SHA-1 (with Google Chrome) even during 2016. For some sites there may not be a satisfactory outcome no matter what they do: if their desire is to maintain an error-free presence with Chrome, they might need to cut off some older clients. Here's what Qualys recommends:
Read the recent announcements

Within months, certificates that expire after 2016 will be affected. Relatively soon thereafter, further changes will be introduced that will impact the certificates that expire during 2016.
- SHA1 Deprecation Policy - Microsoft
- Gradually Sunsetting SHA-1 (for Chrome & Google)
- Mozilla - Firefox
- Apple - not much word, but they added SHA256 in Yosemite
Remember, it is also necessary to check that the entire certificate chain is free of SHA-1. It is not common, but there are cases where the leaf uses SHA256 but one of the intermediates uses SHA-1. Signatures on roots are not used and Chrome won't warn about them even if they are SHA-1.
Companies that use centralized certificate procurement should find this step straightforward. For those that do not, perhaps this is a good opportunity to consider further centralizing certificate issuance.
Inventory your existing certificates

This might be difficult, depending on your environment. Automated scanning is not only easy to do once, but can also be repeated regularly to ensure new SHA-1 certificates are not introduced. There are companies that offer products for this; for example, one of the QualysGuard modules does this automatically after scanning the entire company network. 2016. Those will be the worst affected by the proposed changes and might stop working in 2017.
Then work your way to replace the remaining certificates. These steps are time-consuming but shouldn't involve further direct costs because most third-party Certificate Authorities will reissue certificates for free. However, there are some special cases you might wish to consider:
- Older server platforms might not be able to support SHA256 certificates. For example, that's the case with Windows Server 2003. Thus, upgrading to a SHA256 certificate might require an upgrade or patching of the underlying platform.
- Some older clients don't support SHA256. Most general-purpose sites can upgrade to SHA256 and expect the users to upgrade, too, but large sites with diverse user bases might want to preserve SHA-1 compatibility for as long as possible. In some cases that will be possible with multiple certificate deployment.
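
The chain check and the inventory step described above can be combined into one repeatable audit. The following Python is an added example, not code from the original article or from Qualys: it flags SHA-1 signatures on the leaf and intermediates, skips the self-signed root, and orders hosts for replacement. The record fields, host names and CA names are hypothetical, the signature algorithm names are assumed to follow OpenSSL's naming, and keying urgency to the leaf's expiry year is an assumption.

```python
from collections import namedtuple
from datetime import date

# Hypothetical record type; fill it from whatever scanner collects your chains.
Cert = namedtuple("Cert", "subject issuer sig_alg not_after")

def uses_sha1(cert):
    # Assumes OpenSSL-style names: sha1WithRSAEncryption, ecdsa-with-SHA1, ...
    return "sha1" in cert.sig_alg.lower()

def is_root(cert):
    # Self-signed trust anchor: its signature is not used, so it is skipped.
    return cert.subject == cert.issuer

def audit_chain(chain):
    """Return (priority, offenders) for a chain ordered leaf first.

    0: no SHA-1 signature on the leaf or any intermediate
    1: leaf expires after 2016 (affected first)
    2: leaf expires during 2016 (affected by the later changes)
    3: leaf expires before 2016 (one of the remaining certificates)
    """
    offenders = [c.subject for c in chain if uses_sha1(c) and not is_root(c)]
    if not offenders:
        return 0, []
    year = chain[0].not_after.year  # assumption: urgency follows leaf expiry
    return (1 if year > 2016 else 2 if year == 2016 else 3), offenders

def replacement_order(inventory):
    """Hosts that need a reissued chain, most urgent first."""
    flagged = [(audit_chain(chain), host) for host, chain in inventory.items()]
    return sorted((p, host, off) for (p, off), host in flagged if p)

# Constructed sample inventory; host and CA names are hypothetical.
S1, S2 = "sha1WithRSAEncryption", "sha256WithRSAEncryption"
ROOT = Cert("CN=Test Root", "CN=Test Root", S1, date(2030, 1, 1))
CA_G1 = Cert("CN=Test CA G1", "CN=Test Root", S1, date(2020, 1, 1))
CA_G2 = Cert("CN=Test CA G2", "CN=Test Root", S2, date(2024, 1, 1))
INVENTORY = {
    "a.example.test": [Cert("CN=a.example.test", "CN=Test CA G2", S2, date(2017, 3, 1)), CA_G2, ROOT],
    "b.example.test": [Cert("CN=b.example.test", "CN=Test CA G1", S2, date(2017, 3, 1)), CA_G1, ROOT],
    "c.example.test": [Cert("CN=c.example.test", "CN=Test CA G2", S1, date(2016, 6, 1)), CA_G2, ROOT],
    "d.example.test": [Cert("CN=d.example.test", "CN=Test CA G2", S1, date(2015, 9, 1)), CA_G2, ROOT],
}

if __name__ == "__main__":
    for priority, host, offenders in replacement_order(INVENTORY):
        print(priority, host, offenders)
```

Host `a` is clean even though its root is SHA-1 signed, while host `b` is flagged for its intermediate despite a SHA256 leaf.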