We will stop using the SHA-1 hash algorithm


With a view to providing even more secure services, Sertifitseerimiskeskus will stop using the SHA-1 hash algorithm in its services.

As various studies have shown, the level of security of the SHA-1 hash algorithm has somewhat weakened, and for this reason Sertifitseerimiskeskus has been issuing all its organisation certificates with the SHA-256 hash algorithm for over a year.

The new certificate will help owners of websites and online services to ensure that browsers no longer display warnings about an insecure certificate. From 2015, all new certificates issued for personal identity documents of the Republic of Estonia also include the SHA-256 hash algorithm.

Taking this into consideration, we have decided that all root, intermediate and end-entity certificates that are issued from 2016 will include some algorithm of the SHA-2 family. By the end of this year, the SHA-1 algorithm will be replaced by some algorithm of the SHA-2 family in all newly issued Certificate Revocation Lists. Also, from the start of 2016 at the latest, the SHA-256 hash algorithm will be used for signing all OCSP responses.

We encourage everyone to update their systems by the end of the year at the latest to ensure that they support the algorithms of the SHA-2 family!

previous next