Fixing the Insecure SSL Warning in Chrome (from SHA-1)
The Google Chrome browser now shows a warning for SSL certificates encoded in SHA-1 that are set to expire on or after January 1, 2017. In this article, we will discuss why this error occurs, and how to avoid and correct it.
What Causes the Insecure SSL error?
While SSL certificates are currently secure, Google considers the SHA-1 hash algorithm insecure after 2016. This is due to reports from some security companies, that online attackers could feasibly compromise SSL certificates keyed with SHA-1 hash. Due to this, Google Chrome has started to flag these SSL certificates as insecure (see the screenshot at top of this article).
Who is affected by the Insecure SSL error?
Since SSL certificates are issued yearly by Web Hosting Hub, this will not apply to most of our SSL certificates. There are 2 criteria you have to meet, in order for your site to show up as Insecure in Google Chrome.
- Your SSL certificate expires after January 1st, 2017.
- Your SSL was created using SHA-1 hashing. You can test your SSL by navigating here, (be sure to replace example.com with your actual domain name):
https://www.sslshopper.com/ssl-checker.html#hostname=example.com
If your Signature Algorithm is lower than "sha256" you should Fix your SSL as described below. For example, in the screenshot below it is "sha384," which means it is fine:
How to Fix the Insecure SSL Error
If your SSL certificate expires after 2016, and was created using SHA-1 hashing it will need to be rekeyed.
- Request a CSR via AMP
- Have your SSL provider rekey your SSL with the new CSR
Congratulations, now you know how to fix the Insecure SSL error due to deprecated SHA-1 hashing.
Did you find this article helpful?
Tweet
Next »
Dedicated SSL vs. Shared SSL
Category
SSL
Comments
n/a Points
|
2015-03-31 2:40 am
I made the purchase of my SSL certificate last year through my AMP . I contacted customer support beacuse i need to fix the SHA-1 has used in my certificate, They sent me a message askig me to pay $25 fee for installation and $35.40 for dedicated IP addres, why do I have to pay for fix the SHA-1 hash used to create my certificate?.
and when i bought the certificate the page said: (https://secure.webhostinghub.com/index/ssl/cid/1529802/id/204)
" SSL certificates purchased through us are $99.99/yr which includes the needed dedicated IP address. There is a one-time installation fee of $25 for all SSL certificates.”
Why i have to pay again?
Im asking for support I don’t want to buy another certificate, i just want to fix the SHA-1 hash used in my certificate.
SSL Checker:
https://www.sslshopper.com/ssl-checker.html#hostname=yadiihair.com
Common name: yadiihair.comSANs: yadiihair.com, www.yadiihair.comValid from June 29, 2014 to June 30, 2015Serial Number: 7132d3812227dd11314541f0104a63ccSignature Algorithm: sha1WithRSAEncryptionIssuer: COMODO SSL CA
Please help me.
Thank you |
Staff 16,266 Points
|
2015-03-31 3:31 am
Hello Carmen,
You are correct, the installation fee is a one-time charge and you should not have to pay it again. Also, your SSL through us includes the IP fee, so no charge there. It sounds as if the person you spoke with was a bit confused. However, unless your SSL expires after Jan 1, 2017, then you do not need to have your SSL rekeyed. Kindest Regards, Scott M |
Help Center Login
Related Questions
Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!