JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


20140918 - SHA1 disappearance: what is the situation?

Comodo and TBS X509

After the announcements from Microsoft and Google about SHA1 depreciation, Comodo has decided to stop issuingSHA1 SSL server certificates according to the following schedule:

  • 2014-09-18: Suppression of SHA1 server products expiring after January 1st 2016. Only SHA1 products valid 1 year are still available.

  • 2016-01-01: Suppression of all SHA1 server products.

TBS X509 certificates follow the same rules.

Consequence: Starting today, it is not possible to obtain SHA1-signed certificates with a validity period higher than a year.

BULK PURCHASE ACCOUNTS:: If you still have Comodo and TBS X509 tokens that are impacted, please contact our sales team in order to discuss a conversion.

You own a SHA1 certificate expiring after January 1st 2016. What to do?

Customers having a currently valid SHA1 certificate expiring after January 1st 2016, will have to request a free reissuance of their certificate in order to get a SHA256 version.

Only SGC certificates cannot be reissued in SHA256.

For owners of currently valid certificates we propose a promotional code to replace their product by a new one:

TBS X509 PRODUCTS
migrat2014shaTbs
COMODO PRODUCTS
migrat2014shaCom

Offer details:

  • Valid for the replacement of a certificate issued by TBS INTERNET
  • 20% discount only applicable on the migration of a SHA1 currently valid certificate to a SHA256 one
  • Only applpicable for an identical replacement (same CN, organization...)
  • TBS X509 code: valid for the migration of a TBS X509 SHA1 product to its SHA256 counterpart
  • Comodo code: valid for the migration of a Comodo SHA1 product to its SHA256 counterpart
  • Valid from 2014-09-18

Symantec, Thawte, Geotrust

Certificates of these brands can be reissued in SHA256 for free, except for Thawte Supercert certificates. You only have to request a reissuance from your certificate's status page.

Note that SHA256 certificates issued by those CAs and expiring before December 31, 2016 can also be reissued in SHA1

Please note: : Google specified that certificates AND intermediates would have to be signed in SHA256 to be considered as safe. But the certificates issued before 2014-09-18 are chained to SHA1 intermediates. If you have a certificate issued by one of these CA before 2014-09-18, you'll have to request a reissuance to get a SHA256 certificate and intermediate.

EDIT 20141016 - Symantec announce that as of November 6th, 2014 it will cease the issuance of SHA1 certificate that would expire after December 31st, 2016.

Globalsign

The authority's certificate can also be reissued in SHA256. You only have to request a reissuance from your certificate's status page.

GlobalSign has scheduled the suppression of its SHA1 certificates on January 1st 2016.

IN A NUTSHELL: THE PRODUCTS WE RECOMMAND

We advise our customer to switch to SHA256 no matter the validity period of your SSL tools. Sha1 products are going to disappear quickly, it is therefore important to adopt SHA256 as soon as possible.

Useful links