10/15/2014

Microsoft and Google announce SHA-1 Hash Algorithm Deprecation Plans

Microsoft and Google announced plans to deprecate the SHA-1 Hash Algorithm (as used in Certificate Signatures for HTTPS) that may affect websites with SHA-1 certificates expiring as early as January 1, 2016.  

The plans vary by vendor and are browser dependent. The biggest impact is on customer-facing websites, although certificates found on your internal application servers hosting Tessitura services should be checked as well. While the Network's basic recommendation is to replace all SHA-1 certificates with SHA-2 certificates (most commonly SHA-256), we encourage you to research this issue further to gauge the impact it may have on you and to contact your SSL certificate vendor with questions or concerns. To begin your research, we point you to an article on Symantec's website titled "SHA-1 Hash Algorithm Migration for SSL & Code Signing Certificates" that can be found at http://www.symantec.com/page.jsp?id=sha2-transition. Located at the end of this article are links to several additional resources, including a tool that will identify certificates that use the SHA-1 hash algorithm.

Special note for RAMP and Web Products licensees

The Network's Managed Services and Web teams will migrate, as required, the SSL certificates installed in the RAMP network for Tessitura APIs and hosted Web Products to ensure continual certificate validity. In cases where a certificate requiring migration has been issued by your organization and not by the Network, the RAMP team will contact you directly to coordinate the required action. Additionally, we want to ensure that those of you who host a website locally are aware of this issue so that you can research its effect on you.