Which Root CA is still issuing SHA-1 ssl certificates?

Is there any CA that still issues SHA-1 certificates? I need TR management to manage devices with basic firmware that does not support sha256.

0
source share
1 answer

imho, Public CA will no longer issue SHA-1 certificates; they are limited by the strict authority of the Certificate Authority / browser so that they no longer issue new server certificates with the SHA1 signature algorithm.

7.1.3. Algorithm Object Identifiers

Starting January 1, 2016, CAs MUST NOT issue new Subscriber certificates or subordinate CA certificates using the SHA-1 hash algorithm. CAs may continue to sign certificates to verify OCSP responses using SHA1 until January 1, 2017. This Section 7.1.3 does not apply to cross CA or CA certificates. Certificate Authorities can continue to use their existing SHA-1 root certificates. SHA-2 Subscriber Certificates MUST NOT connect to a CA-1 Subordinate CA Certificate.

https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.3.7.pdf

+2
source

Source: https://habr.com/ru/post/1014480/


All Articles