carloscastilla - Fotolia

SHA-1 certificates: How will Mozilla's deprecation affect enterprises?

Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do.

Mozilla has announced plans to begin displaying an "untrusted connection" error on its Firefox browsers when it comes across certificates signed with the SHA-1 algorithm, starting in early 2017. But Mozilla isn't cutting off SHA-1 support completely, as users can override the error message. How can companies use SHA-1 certificates for Mozilla browsers? And is this a good idea for enterprises?

Editor's note: Following news of a successful collision attack for SHA-1, Mozilla has announced that it disabled the algorithm for all Firefox users.

Industry leaders have been encouraging enterprises to migrate away from the SHA-1 algorithm for some time, so Mozilla's announcement should come as no surprise.

The CA/Browser Forum voted to stop issuing SHA-1 signed SSL/TLS certificates starting Jan. 1, 2016, and Microsoft, Apple and Google have all enacted plans phasing out support for certificates signed with the SHA-1 algorithm at the start of 2017. Google Chrome already flags SHA-1 certificates as having weak security configurations, and warns the user that their connection may not be private.

Users can bypass the "untrusted connection" warning that appears on Firefox 51, which was released in January 2017, but this action is only supported for SHA-1 certificates that chain up to a manually imported root certificate to function, a situation that may exist in various enterprise networks.

The reason SHA-1 certificates are no longer trusted is because the cost of compromising SHA-1 with a collision attack is now within the reach of government agencies and well-resourced cybercriminals. This attack enables malicious actors to impersonate an SSL-protected site that uses a publicly trusted SHA-1 certificate, completely undermining the trust users put in websites' digital certificates. If an attacker manages to compromise an intermediate CA certificate signed with SHA-1, he can generate valid certificates for a variety of domains. This is another reason why network administrators need to update servers with SHA-2 signed certificates, preferably issued by a CA that meets the baseline requirements of the CA/Browser Forum.

SHA-2 doesn't suffer from SHA-1's mathematical weaknesses, and it and the SHA-3 family of cryptographic hash algorithms are now the only sets of hash functions approved by the National Institute of Standards and Technology for digital signature generation. Although the SHA-2 family includes SHA-224, only the stronger SHA-256, SHA-384 and SHA-512 algorithms are allowed by the CA/Browser Forum's baseline requirements for the issuance and management of publicly trusted certificates.

For enterprises running websites, webmasters need to request new SHA-2 certificates to replace any expired SHA-1 certificates; otherwise, their servers will not be fully trusted by browsers, and this will cause problems for users trying to access them.

Various algorithms widely used to keep internet communications secure are coming to their end-of-life, and network administrators should make moving to newer, more robust algorithms a priority, or find themselves in a position of having to try and update entire networks within a short time frame -- never a good idea.

The implementation of an enterprise key and certificate management product or service can help administrators to manage the lifecycle of an organization's certificates, and ensure certificates aren't missed during the migration process, as well as prevent service outages due to expired or noncompliant certificates.

Legacy systems that make SSL connections, such as embedded devices that rely on hard-coded certificates, also need to be migrated to SHA-2 certificates. This may also mean having to update software or firmware if it is unable to support SHA-2 encryption.

Next Steps

Learn about the pros and cons of having an internal public key infrastructure

Find out how to protect PGP short key IDs from collision attacks

Read about the differences between symmetric and asymmetric encryption

Dig Deeper on Identity and access management

Networking
CIO
Enterprise Desktop
Cloud Computing
ComputerWeekly.com
Close