Cartika Support Portal

            SHA1 to SHA2 Migration Guide

            ***Guide pending verification***

            For Windows SSL reissues from SHA-1 to SHA-2

             

            If you are here, then most likely you have a site on a server that is producing a red strike on https when using Google Chrome. Most likely, this is due to:

             

            !!!The following root has been retired and need no longer be distributed by vendors!!!

            Root 1 - Equifax Secure eBusiness CA-2 

            Download - Equifax Secure eBusiness CA-2 (.pem file) Right Click, Save As

            Organization: GeoTrust Inc.

            Country: US

            Serial Number: 1b

            Validity Period: Mon Oct 7, 2002 to Sun Jun 21, 2020 (GMT)

            Certificate Fingerprint (MD5): 85:8E:B3:54:F7:AC:18:A3:E7:3D:90:9E:02:90:4D:3D

            Certificate Fingerprint (SHA-1): 39:4f:f6:85:0b:06:be:52:e5:18:56:cc:10:e1:80:e8:82:b3:85:cc

            Key Length: 1024

            Digital Verification via HTTPS: Not Available

             

            Based on this, we need a new root certificate on our servers so we get Root 5:

             

            Contact GeoTrust to reissue certificates using:

            https://www.geotrust.com/resources/root-certificates/

             

            Root 5 - GeoTrust Primary Certification Authority – G3

            Description: This root CA is not used today. It is intended for use in the future for SSL and Code Signing services needing an SHA256 encryption algorithm. This root should be included in root stores. 

             

            Download - GeoTrust Primary CA – G3 (.pem file) Right Click, Save As

            Organization: GeoTrust Inc.

            Country: US

            Serial Number: 15 ac 6e 94 19 b2 79 4b 41 f6 27 a9 c3 18 0f 1f

            Validity Period: Tue, April 01, 2008 4:00:00 PM to Tue, December 01, 2037 3:59:59 PM

            Certificate Fingerprint (SHA-1): 03 9e ed b8 0b e7 a0 3c 69 53 89 3b 20 d2 d9 32 3a 4c 2a fd

            Digital Verification via HTTPS: https://ssltest21.bbtest.net

             

            This new root (5) should allow us to generate a new CSR and RSA keys

             

            Install 3 new SSL certificates using the new Root 5:

            • the client SSL certificate

            • the intermediate

            • the root
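
Before installing the three files, each one can be checked for its signature algorithm, and the downloaded root can be compared against the SHA-1 fingerprint published above. The following is an added example, not code from Cartika or GeoTrust; the function names are hypothetical, the OID table covers only common RSA and ECDSA signature algorithms, and the two sample byte strings are constructed DER skeletons rather than real certificates.

```python
import base64, hashlib, re
# DER-encoded signature-algorithm OIDs -> (name, uses a SHA-2 digest)
SIG_ALGS = {
    "2a864886f70d010105": ("sha1WithRSAEncryption", False),
    "2a864886f70d01010b": ("sha256WithRSAEncryption", True),
    "2a864886f70d01010c": ("sha384WithRSAEncryption", True),
    "2a864886f70d01010d": ("sha512WithRSAEncryption", True),
    "2a8648ce3d0401": ("ecdsa-with-SHA1", False),
    "2a8648ce3d040302": ("ecdsa-with-SHA256", True),
}
# Constructed DER skeletons, not real certificates (empty tbsCertificate and signature).
SAMPLE_SHA1 = bytes.fromhex("3014" "3000" "300d06092a864886f70d0101050500" "030100")
SAMPLE_SHA256 = bytes.fromhex("3014" "3000" "300d06092a864886f70d01010b0500" "030100")

def pem_to_der(pem):
    """DER bytes of the first CERTIFICATE block in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))

def read_tlv(buf, pos):
    """Parse one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def signature_algorithm(der):
    """(name, is_sha2) of the outer signatureAlgorithm of an X.509 certificate."""
    _, start, _ = read_tlv(der, 0)             # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, start)       # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)   # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    oid = der[oid_start:oid_end].hex()
    return SIG_ALGS.get(oid, ("unknown OID " + oid, False))

def fingerprint_matches(der, published):
    """Compare the SHA-1 fingerprint of DER bytes with a published value in any separator style."""
    want = re.sub(r"[^0-9a-fA-F]", "", published).lower()
    return hashlib.sha1(der).hexdigest() == want

if __name__ == "__main__":
    print(signature_algorithm(SAMPLE_SHA1), signature_algorithm(SAMPLE_SHA256))
```

The fingerprint strings on this page can be passed to `fingerprint_matches` as written, whether colon-separated or space-separated, together with `pem_to_der(open(path).read())` for a downloaded .pem file.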


            More Information can be found here:

            https://www.sha2sslchecker.com/sha1-to-sha2-migration.php

             

            GeoTrust/ RapidSSL: If your GeoTrust or RapidSSL SSL is signed with SHA1, then you can reissue your current SSL with the following instructions.

             

             

            Use of SHA-256 Intermediate Certificate:

            The intermediate certificate needs to be updated along with the SSL certificate. Some references for different CAs are given below.

             

            • GeoTrust: Their SHA-2 intermediates are listed under RSA SHA-2, labeled under "SHA-2 Intermediate CAs under SHA-2 Root". For knowledge base guidance, click here.
            Updated: 24 Jun 2018 11:51 AM