Notices

On November 29, 2016 the price of wildcard certificates will change from 2 units to 4 units. Your current certificates will not be affected.

SHA-1 certificates will trigger warning in new edition of Chrome

Google has phase out support for certificates using a SHA-1 hashing algorithm with production version of Chrome version 39 as of November 2014.

This effects any SHA-1 certificates that expire beyond December 31, 2015.

You can check your certificate via Thawte's SSL toolbox at:

https://ssltools.thawte.com/checker/views/certCheck.jsp

If successful you will get the message:

Certificate installation successfully checked

If there are issues you will get the message:

Certificate installation check failed


Resourses

Servers compatible with SHA256 hash algorithm from CA Security Council

SHA2 supported Browser and Server List from Thawte

SHA2 and Windows from Microsoft

Minimum RSA key bit length

Beginning in January 2012, 2048-bit RSA keys will be required and enforced for all new multi-year SSL certificates.
After December 31, 2013, the industry is discontinuing the use of 1024-bit RSA key lengths on all SSL certificates, per
NIST Special Publication 800-131A. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-131a.pdf

Private Internet Protocol (IP) addresses and Internal Server Names

Certificates with validity end dates on or after November 1,
2015 cannot contain any private IP addresses or Internal Server Names in their CN or SAN fields.
To keep certificates in compliance, Thawte systems will automatically prevent certificate enrollments or renewals which could conflict with this date requirement.
 

Certificate Life Span

Effective April 1, 2015 Thawte will issue only certificates with 1, 2, and 3-year validity periods.


Published on  and maintained in Cascade CMS.