SSL/TLS servers, SHA-1/SHA-256 and StartSSL.com certificates 
Wednesday, August 27, 2014, 11:11 PM
Posted by Administrator
Do you run a SSL/TLS server?
Do you still use a server certificate that uses a SHA-1 based signature, because it was the default when you requested it, and you didn't notice?
Are your users worried that your server uses a weak certificate?
Do you want to migrate to a SHA-256 server certificate?

If yes, you should request a replacement certificate from your Certificate Authority.
First, you should check if your CA offers SHA-256 certificates at all.
Your CA probably requires you to send in a CSR (certificate signing request). And you really should create the CSR yourself. This ensures the private key for your new certificate is stored on your systems, only.
When you create the CSR, you should ensure it contains a SHA-256 signature.
If you use the "openssl req" command for creating the CSR, you must add the "-sha256" parameter.
If you use the NSS "certutil -R" command for creating the CSR, you must add the "-Z SHA256" parameter.
(Both parameters seem to be undocumented at the time of writing this blog post.)

Your CA might require you to pay for the replacement certificate, while your old certificate is still valid.

I'd like to talk about the StartSSL.com CA in particular, because many sites use their free certificates (and so do I).

However, when using a Class 1 free certificate from StartSSL, in order to get a replacement certificate (for the same hostname), it's necessary to revoke the existing certificate. And revoving a certificate isn't free with StartSSL. This means, you'd have to pay for revocation of each of the certificates that you want to replace ($25 each).

So, if your SHA-1 based certificate is still valid at the time you're reading this, but you don't want to pay anything, you need to wait until it expires. Only after it expires can you request a new certificate for the same hostname. And make very sure you request a SHA-256 certificate, not another SHA-1 (don't risk being blocked for another year, by being stuck with another SHA-1 cert).

If you're willing to pay, and if you want to migrate multiple certificates, it's cheaper to get an identity verification, which is $60.

Once you are verified, you can issue certificates that contain multiple hostnames. And this makes it possible to create replacement certificates, without having to revoke your old certificates.

For example, let's assume your existing certificate was requested for CN=example.com, and it is valid for hostnames example.com and www.example.com.
If you request a replacement certificate with the same hostnames, without having revoked the old certificate, StartSSL will give you an error message, suggesting you to revoke the old one.

One solution is to include an additional subdomain when asking for the certificate. It doesn't matter if you're actually using that subdomain (hosting content on the subdomain), you could use one that you don't plan to use at all. For example, let's use a subdomain "sha2".
If you request a new certificate for CN=sha2.example.com, and you request inclusion of the hostnames sha2.example.com, example.com and www.example.com, then the subject name of your new certificate will be different from the old certificate's subject name, and StartSSL will allow you to get a certificate in parallel to the old one.

Once you have obtained an updated certificate and are ready to install it on your server, don't forget to update your server configuration to use an appropriate intermediate CA certificate, too. For example with StartSSL, you can find the SHA-256 based class 2 intermediate certificates for servers here.

view entry ( 2167 views )   |  permalink   |  $star_image$star_image$star_image$star_image$star_image ( 3.1 / 57 )


<Back | 1 | 2 | 3 | 4 | 5 | Next> Last>>