Dear Valued Customers,
Google has announced plans to begin sunsetting the SHA-1 cryptographic hash algorithm in the upcoming version of its Chrome browser.
What is SHA-1?
SHA-1 is a two way algorithm, you can take the encrypted value then decrypt and get the original plain text value.
The SSL encrypt your connection to our site and browser let you verify that you connect to our real website by showing the following icon in URL.
Browser perform this verification by finding is your website's certificate file has been issued by a "Certificate Authority" (CA).
The browser will calculate the SHA-1 for that certificate then compare it with signed SHA-1 that certificate offer as proof.
If a third party could come out a certificate same with their target site then they can coax a CA issue a certificate that forge the real site.
What will happen for current Chrome user?
September 2014 - A lock with a yellow triangle will appear in your HTTPS URL through Chrome 39.
November 2014 - It will appear a blank page icon which same as normal HTTP side through Chrome 40.
1st January 2017 - A lock with red X and red strike-through URL. HTTPS sites that use SHA-1 certification will no longer appear to be fully trustworthy in Chrome.
What is the preparation for this changes?
We, Exabytes will contact our valued client manually if they have SSL with us to regenerate the CSR key which required their approval to reissue the certificate.
For those client who bought SSL and do not host with us, they will need to regenerate the CSR key for us from their system with SHA-2.
Technical Support Department