Why are we moving to SHA-256 certificates? Convert SHA-1 to SHA-256

The digital security industry now recommends SHA-256 as the standard signature hash algorithm for SSL certificates. SHA-256 is a stronger signature hash algorithm than the one used in SHA-1 certificates. Additionally, the industry discovered weaknesses in SHA-1 that may become exploitable, although at this time no successful real-world attacks have been discovered. Let's see why we are moving to SHA-256 certificates and how to convert from SHA-1 to SHA-256.
Nowadays many loopholes and threats are being found for SHA-1 certificates, so it is already past time to get more secure certificates.

You should replace any existing SHA-1 certificates with SHA-256, especially if a SHA-1 certificate expires after December 31, 2016. After this date, modern browsers will display security warnings when connecting to sites that use SHA-1. Google and other leading browser vendors have already announced that SHA-1 support ends by January 1st, 2017. If you are still on SHA-1, it's time to move.

Convert website password hashing from SHA1 to SHA256
The usual way of going about this is:

  • Make the hashed-password column larger to accommodate a sha256 hash, and add a ‘salt’ column
  • Set the salt field to NULL initially, and adjust your password-check code so that a NULL salt means sha1, and non-NULL means sha256
  • Once a sha1 user has logged in successfully, re-hash the password to sha256 with salt, and update the database.

Over time, users will migrate to sha256 by themselves; the only problem is users who log in only very sporadically or not at all. For these, you may want to send a reminder e-mail, or even threaten to shut their account down if they don’t log in before day X (don’t give the actual reason though…)
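
The migration steps above as a small Python sketch (an added example, not code from the original post). The `users` table layout, the function names and the sample account are assumptions made for illustration; the NULL-salt switch and the re-hash on successful login follow the steps listed.

```python
import hashlib
import hmac
import os
import sqlite3

def sha1_hex(password):
    # Legacy scheme: unsalted SHA-1 (rows whose salt is NULL).
    return hashlib.sha1(password.encode()).hexdigest()

def sha256_hex(password, salt):
    # New scheme: SHA-256 over a per-user random salt plus the password.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def make_db():
    # Constructed sample data: one legacy account, salt column still NULL.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT, salt BLOB)")
    db.execute("INSERT INTO users VALUES (?, ?, NULL)",
               ("alice", sha1_hex("correct horse")))
    return db

def scheme(db, name):
    # Which scheme a row currently uses, decided by the salt column alone.
    (salt,) = db.execute("SELECT salt FROM users WHERE name = ?", (name,)).fetchone()
    return "sha1" if salt is None else "sha256"

def login(db, name, password):
    row = db.execute("SELECT pw_hash, salt FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    stored, salt = row
    candidate = sha1_hex(password) if salt is None else sha256_hex(password, salt)
    if not hmac.compare_digest(candidate, stored):
        return False  # a failed login never triggers a re-hash
    if salt is None:
        # Only now is the plaintext available: upgrade the row in place.
        new_salt = os.urandom(16)
        db.execute("UPDATE users SET pw_hash = ?, salt = ? WHERE name = ?",
                   (sha256_hex(password, new_salt), new_salt, name))
        db.commit()
    return True

if __name__ == "__main__":
    db = make_db()
    print(scheme(db, "alice"), login(db, "alice", "correct horse"), scheme(db, "alice"))
```

The same NULL-salt switch works unchanged if the new scheme is a slow password-hashing function such as PBKDF2 rather than a single SHA-256 round.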

Refer to: http://dotnetstock.com/iis/generate-certificate-request-openssl-signature-sha256/

How to generate a SHA256 certificate and How to install SHA256 certificate in IIS
