Call the Team: (London Office)

30 days guarantee

SHA-2: Your Questions Answered

Get in touch now


Another satisfied customer

More info
Register your Domain Name
  • Bulk transfer domains
  • Register 400+ domain extensions
  • Free DNS management
  • Industry leading grace and redemption periods
  • No hidden fees

SSL certificates are transitioning to SHA-2.
Read on to find out more.

What is SHA?

SHA, or Secure Hash Algorithm, is a hashing algorithm used in secured connections to prove the integrity and authenticity of a message to the receiver. SHA algorithm is the default hash algorithm set in SSL certificates.

What is SHA-1?

SHA-1 is an algorithm producing a 160-bit fingerprint when used on a message.

It was the standard up until now for secured connections. However SHA-1 was adopted in 1995, a long time ago in internet years. Just think of the computer you were using in 1995! Huge advances in technology and developments in cryptography since then are putting pressure on SHA-1, and it has been shown to be unreliable.

Its days are numbered and the SSL industry is migrating to SHA-2. From January 1st 2017, SSL certificates using SHA-1 will no longer be recognised by web browsers and operating systems, rendering them useless. Most major browsers (Chrome, Safari, Mozilla, Opera) have voiced their support for the move.

What is SHA-2?

SHA-2 is a set of hash functions including SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256.
The most common hash function used is SHA-256. So generally speaking, SHA-2 = SHA-256.

It works the same way as SHA-1, but produces a longer fingerprint when used on a message (256-bit). Moving from SHA-1 to SHA-2 will increase security and safety online.

But it’s not all bad, and there’s no need to panic.

The hard work required to transition from SHA-1 to SHA-2 has already been taken care of. SHA-2 is widely supported by most browsers, email clients and mobile devices, making the transition relatively hassle-free.

What does this mean for my SSL certificate?

The SHA-1 algorithm is set by default in your SSL certificate at the time of purchase, unless specified otherwise. In any case, your SSL certificate must use SHA-2 from January 1st, 2017, and all Certification Authorities are currently ensuring you can purchase SHA-2 certificates from now on. If you chose to be PCI compliant, note that SHA-2 is an element required the by the authority in charge of this norm (Payment Card Industry Security Standards Council).

You have three main options depending on your situation:

  1. If your certificate expires before January 1st, 2016: you can still get a SHA-1 certificate, but its validity period can’t go after January 1st, 2017.

  2. If your certificate expires between January 1st, 2016 and January 1st, 2017: you won’t have any other choice than ordering a SHA-2 certificate, but your SHA-1 certificate remains valid until December 31st, 2016.

  3. If your SSL certificate expires after January 1st, 2017: after this date, Microsoft Operating Systems will stop trusting your SSL certificate, and web browsers will do the same. Any user trying to connect to your server will get the following warning message:

The SHA-2 algorithm does not come with any additional costs.

Don't hesitate to contact us at to discuss your options. Alternatively you can email us at

Are there any compatibility issues?

SHA-2 has some compatibility issues with Windows XP service pack 2 and previous versions. Before switching to SHA-2, make sure your organisation and network are fully compatible with SHA-2: check that all your platforms, web browsers and Operating Systems are up to date.

While some browser compatibility issues do exist, they only apply to very old browsers that are unsafe for browsing the internet regardless.

As always, we’re committed to ensuring the safety your business on the internet, and we’re here for you during this transition. Please don’t hesitate to contact us on or at for impartial, expert advice.

Share this:

Posted on Wednesday 09 April 2014 by

Return to blog

Send us your comments

Your comment will not be published. If you have a question, do not forget to write your email address so that we can get back to you!


Norton seals are viewed more than half a billion times a day on more than 100,000 websites in 170 countries and in search results on enabled browsers, as well as partner shopping sites and product review pages. When website visitors see the Norton Trust Seal, they are less likely to abandon a transaction and more likely to do business with you online.

SSL Certificates

Our Partnerships
Our Accreditations
Our Trust Seal
Sitemap | Cookies | Legal
© 2017 . All rights reserved. SSL247 Limited is registered in England No: 5802692 | Tel:

Cookies SSL247 uses cookies to provide you a seamless user experience. For more information please read our Terms & conditions. Continue