News | SwissSign
Une spécialiste de la Poste Suisse pour la sécurité des données

Section générale


SwissSign switches to SHA-2 technology

The ever increasing performance in computer science means there is the risk that it will be possible to decrypt the SHA-1 hash algorithm used so far in SwissSign certificates. This is also recognised by the application developers.


Microsoft therefore announced that, from 1 January 2017, it will no longer accept any SSL certificates based on SHA-1, and from 1 January 2016 no longer any Code Signing certificates. Google also announced that probably from January 2015, in the Google Chrome browser, websites which are protected with certificates which are still valid after 1 January 2016 and are based on the SHA-1 algorithm will be displayed as unsafe.


Higher security
On 10 October 2014 SwissSign therefore switched all its certificates to the recommended and safe hash algorithm of the new generation SHA-2. Only SHA-2 certificates can be purchased in the webshop now. The SHA-1 certificates will still remain valid and are not being revoked. There is no plan to issue SHA-1 certificates and SHA-2 certificates simultaneously.


Promotion: SHA-2 for SSL and Code Signing certificates
SwissSign wants customers to be able to benefit from the new SHA-2 technology and equip their websites and their code with certificates which are trusted and safe.


The switch does not involve any costs: Webshop customers receive the remaining period of validity of the SSL and Code Signing SHA-1 certificates reimbursed in the form of a voucher code for SHA-2 certificates. This voucher code, which they will receive by e-mail, can be used for a one-off purchase of any product in the webshop. It is valid until 31 January 2015. The obtained licences for the certificates are for an unlimited time, however.


Managed PKI customers will be contacted separately regarding a switch in November 2014.