Confirm, administrator
5,526
edits
Changes
m
CA CAs should not be issuing new SHA-1 certificates, and should be migrating their customers off of SHA-1 intermediate and end-entity certificates.
→SHA-1 Certificates
There are still many end entity certificates that would be impacted if support for SHA-1 based signatures was turned off. Therefore, we are hoping to give CAs time to react, and are planning to turn off support for SHA-1 based signatures in 2017. Note that Mozilla will take this action earlier if needed to keep our users safe.
If the a CA still needs to issue SHA-1 certificates for compatibility reasons, then those SHA-1 certificates should expired before 2017.
=== Generic names for CAs ===
