SHA-256 SSL certificates

Written late in the morning in English • Tags: , , ,

The technical details of an SSL certificate are up to the issuing CA, which is understandable. I was still surprised when my SHA-256 CSR resulted in a SHA-1 certificate back in April, when reissuing it due to heartbleed. But I didn’t pursue it at the time.

Now that Google announced sunsetting SHA-1-signed certificates by the end of the year, the issue became more pressing. Fortunately instructions for reissuing GeoTrust-based certificates — such as the RapidSSLonline ones — were already available. (more…)