October 27, 2016: Important changes for certificates using SHA1 hash algorithm which were issued by a public CA.

The well-known operating system and browser manufacturers have recently announced to refer to applications using certificates which were issued by a public CA with signature hash algorithm SHA-1 for TLS / SSL-secured connections (protocol https) as of January 1, 2017.

The hints range from: "The lock icon is no longer displayed", via "The icon lock symbol appears red or open" to "This connection is no longer trustworthy" or similar.

Detailed information can be found on the Internet, for example, using the search terms "SHA1, SHA-1 or SHA1 deprecation". Here is an example:

Link: http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-sha1-certificates.aspx?PageIndex=2

If you are still using certificates with the signature hash algorithm SHA-1, you must expect restrictions from January 1, 2017.

For solving the problem a new server certificate with signature hash algorithm SHA-256 should be issued.

Support for TLS/SSL certificates with SHA1 hash functions (secure hash algorithm) will end on December 15, 2015

The T-Systems Trust Center will cease to support the SHA-1 hash function on December 15, 2015. As the SHA-1 hash function has security flaws, TLS/SSL certificates will no longer be issued from a public sub-CA (Shared Business CA 3) with SHA-1 as of this date, even on request.

T-Systems thus meets the requirements of the current CA/Browser Forum Baseline Requirement BR-1.3.0..

T-Systems has updated all certification authorities of Shared Business CA for some time now and provides the SHA-256 hash function for all new products. In this case please contact the Service Desk:
phone: +49 1805-268204 Festnetz: 0,14 € / Minute, Mobilfunknetz: max. 0,42 € / Minute
e-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it.

For more information please refer to the Service Level Agreement (SLA).

All older SHA-1 certificates with a validity period beyond December 31, 2016 will be revoked at the latest on December 1, 2016.