In order to provide better coordination with our customers, we are changing our plan as communicated in February 2015 (see our blog post) for SHA-2 SSL/TLS certificate rollout. Akamai will no longer proactively reissue existing Akamai-managed SHA-1 certificates as SHA-2. Existing certificates will be upgraded to SHA-2 during their next annual renewal. No actions are needed on your part unless you want to upgrade prior to renewal, or continue to use SHA-1 certificates.
- Our continued recommendation is that customers migrate to SHA-2 certificates as soon as possible.
- SHA-2 is still the default for all new certificate orders, and for all certificate renewals placed through Akamai.
- At any time, you can request to have existing SHA-1 certificates upgraded to SHA-2 by working with your account team or Customer Care. The certificates will be reissued as SHA-2 with no change in expiration date.
- If needed, you can work with your account team to set a deployment time window for the reissued certificate.
- If you have a continued need for SHA-1 certificates, please notify your account team or Customer Care. Following updated industry standards, SHA-1 certificates will be available only until the end of 2015.
Google Chrome treats SHA-1 certificates which expire after Jan 1, 2016 as “secure, but with minor errors.” Users visiting sites with these SHA-1 certificates will see a yellow warning icon in the address bar instead of the green lock icon. The suggested mitigation is to upgrade the site’s SSL/TLS certificate to SHA-2.