
Thursday, February 9, 2017

SHA1 thumbprint algorithm in certificates - is it secure?

Many of you have heard that the SHA1 algorithm is no longer considered secure as a certificate signing algorithm. It is considered so insecure that operating systems and browsers treat certificates signed with SHA1 as not secure and show warning messages.
But what about the thumbprint algorithm: is it okay that it is SHA1?

No worries there: this really is not a security hole, as the thumbprint is used to identify certificates more easily. For example, you have a web server and have to add a certificate to enable HTTPS encryption. The web server offers a choice of certificates from the local store, but there are a few certificates with the same subject name. This is where you use the certificate thumbprint: to choose the correct certificate.
Also, to my knowledge, there is no way to change the thumbprint algorithm.
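
The distinction above, as an added example (not code from the original post): the script lists certificates that share a subject name together with their thumbprints, and reports the signature algorithm separately, since that is the property the warnings are about. The store path `Cert:\LocalMachine\My` and the function name `Get-RecomputedThumbprint` are assumptions made for this example.

```powershell
# Added example. Assumes a Windows host; change $StorePath to inspect another store.
$StorePath = 'Cert:\LocalMachine\My'

# Signature algorithm OIDs that use SHA-1 (RSA, ECDSA, DSA).
$Sha1SignatureOids = '1.2.840.113549.1.1.5', '1.2.840.10045.4.1', '1.2.840.10040.4.3'

function Get-RecomputedThumbprint {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # The thumbprint is not a field inside the certificate. It is the SHA-1
    # digest of the certificate's DER-encoded bytes, computed by the client.
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try {
        $digest = $sha1.ComputeHash($Certificate.RawData)
    }
    finally {
        $sha1.Dispose()
    }
    # BitConverter yields "AA-BB-..."; the store shows the value without separators.
    return [System.BitConverter]::ToString($digest).Replace('-', '')
}

$report = Get-ChildItem -Path $StorePath | ForEach-Object {
    [pscustomobject]@{
        Subject            = $_.Subject
        NotAfter           = $_.NotAfter
        Thumbprint         = $_.Thumbprint
        MatchesRawDataSha1 = ((Get-RecomputedThumbprint -Certificate $_) -eq $_.Thumbprint)
        SignatureAlgorithm = $_.SignatureAlgorithm.FriendlyName
        Sha1Signed         = ($_.SignatureAlgorithm.Value -in $Sha1SignatureOids)
    }
}

# Subjects that occur more than once: the thumbprint is what tells them apart.
$report | Group-Object -Property Subject | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { $_.Group } |
    Format-Table Subject, NotAfter, Thumbprint, MatchesRawDataSha1 -AutoSize

# Certificates whose *signature* uses SHA-1: these are the ones that trigger warnings.
$report | Where-Object { $_.Sha1Signed } |
    Format-Table Subject, SignatureAlgorithm, Thumbprint -AutoSize
```

A certificate signed with SHA-256 still shows a 40-character SHA-1 thumbprint in the first table and does not appear in the second.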
