During an SSL/TLS certificate order you may see the option to select SHA256 or SHA256-FULL-CHAIN for the hashing algorithm.
SHA256
This will issue a certificate signed using SHA256 and chained to a SHA256 intermediate. The intermediate then chains to a SHA1 root certificate. Having a SHA1 root certificate has no impact on the security of the certificate. This is because root certificates are used for identity purposes and not for encryption: a browser trusts a root because it is already present in its trust store, not because it verifies the signature on the root itself.
We recommend selecting this option ONLY for maximum compatibility with older browsers. If your users are unlikely to be using older browsers, we advise using the full chain option.
SHA256-FULL-CHAIN
This will issue a certificate where all certificates in the chain, including the root, use the SHA-256 hashing algorithm. Over time, all certificates will migrate to a SHA-256 root certificate. Anyone inspecting your certificate will see that it is a full SHA256 chain.
The SHA256 root certificate is present in all modern browsers. However, users of very old browsers may not be able to access websites using SHA256-FULL-CHAIN.
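As an added example (not part of the original article or any certificate authority's tooling), the Python below reads the signatureAlgorithm field of each DER certificate in a chain and reports which of the two options the chain corresponds to. The helper names are hypothetical, and the sample certificates are constructed skeletons that carry only the fields being read, not valid certificates.

```python
SIG_OIDS = {  # signature-algorithm OIDs as they appear in X.509 certificates
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    # First byte packs the first two arcs; later arcs are base-128 groups.
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    _, cert, _ = read_tlv(cert_der, 0)
    _, _, pos = read_tlv(cert, 0)    # skip tbsCertificate
    _, alg, _ = read_tlv(cert, pos)  # AlgorithmIdentifier SEQUENCE
    dotted = decode_oid(read_tlv(alg, 0)[1])
    return SIG_OIDS.get(dotted, dotted)

def classify_chain(chain_der):
    """chain_der is ordered leaf, intermediate(s), root."""
    algs = [signature_algorithm(c) for c in chain_der]
    below_root_sha256 = all(a.startswith("sha256") for a in algs[:-1])
    if below_root_sha256 and algs[-1].startswith("sha256"):
        return "SHA256-FULL-CHAIN"
    if below_root_sha256 and algs[-1].startswith("sha1"):
        return "SHA256"  # SHA-1 appears only on the root's self-signature
    return "other"

def skeleton_cert(last_oid_byte):
    """Constructed sample: a DER skeleton with a placeholder body and signature."""
    der = lambda tag, body: bytes([tag, len(body)]) + body
    oid = bytes.fromhex("2a864886f70d0101") + bytes([last_oid_byte])
    alg = der(0x30, der(0x06, oid) + der(0x05, b""))
    return der(0x30, der(0x30, der(0x02, b"\x01")) + alg + der(0x03, b"\x00\x00"))

SHA256_CHAIN = [skeleton_cert(b) for b in (0x0B, 0x0B, 0x05)]  # constructed
FULL_CHAIN = [skeleton_cert(b) for b in (0x0B, 0x0B, 0x0B)]    # constructed
```

For a real chain, convert each PEM certificate with `ssl.PEM_cert_to_DER_cert` from the standard library before calling `classify_chain`. Algorithms not listed in `SIG_OIDS` (for example ECDSA) are reported as "other".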