it.ucsf.edu

Security Update:SHA-1 SSLs Stopped Being Trusted by Google Chrome

Status Type

Security Update

Date and Time

Monday, May 11, 2015 - 12:00

Reason

Security Update

Impact

SHA-1 SSL Users

 

WHAT HAPPENED?

Recently IT began receiving complaints from UCSF InCommon (Comodo) users that their SSLs suddenly stopped being recognized, primarily by Chrome. In some cases, individuals accessing the website may see an error message:

"The site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it."

For examples of other error messages refer to http://security.stackexchange.com/questions/52834/what-exactly-does-it-m....


 

WHAT'S THE PROBLEM?

As IT announced in October 2014 Google Chrome started the process of phasing out SHA-1 SSLs beginning with Chrome 39 with an aggressive schedule to completely regard SHA-1 SSLs as affirmatively insecure.

For the full announcement visit: IMPORTANT (Time Sensitive) Message For All UCSF InCommon (Comodo) SSL Users at https://it.ucsf.edu/status/2014-10-06/important-time-sensitive-message-a....


 

WHAT DO YOU NEED TO DO?

Web site/Service owners using HTTPS/SSL Certificates should take inventory of their certificates and plan on migrating affected SHA-1 SSL certificates to SHA-2 SSL.


1. Inventory your existing certificates


2. Replace SHA1 certificates



RELATED LINKS