Home / Browser / Internet Explorer and Microsoft Edge to start blocking websites with SHA-1 certificates from next year

Internet Explorer and Microsoft Edge to start blocking websites with SHA-1 certificates from next year

In November 2015, Microsoft announced a roadmap for depreciating the SHA-1 hashing algorithm – specifically, the plan to stop accepting SHA-1 TLS certificates by 2017; Microsoft gave website administrators and their users a two-year head start to be prepared for this.

Microsoft Edge invalid certificate error

The SHA-1 hashing algorithm was published in 1995 – it has been used extensively since, as it was considered secure at the time. The key word is ‘was’: it no longer is seen as secure, and has been replaced by SHA-2 and SHA-3.

Today, Microsoft has detailed what exactly will happen to websites and 3rd party applications that haven’t updated their certificates.

The Change

The SHA1 certificates are already not considered safe by Edge and Internet Explorer 11 – since the Windows 10 Anniversary Update, both browsers stopped displaying the ‘Secure’ padlock icon for websites using an SHA-1 certificate.

Now, starting from February, the 14th of 2017, Microsoft Edge and Internet Explorer 11 will stop loading websites ‘secured’ by an SHA-1 certificate – instead, an invalid certificate warning will be displayed to the user.

Users will have the option to ignore the warning, but it is not recommended.

The Exceptions

Microsoft has made it clear that this change will only affect websites linked with Microsoft Trusted Root CA – manually installed enterprise or self-signed SHA-1 certificates will not be affected, though a business should probably upgrade to something more secure anyway.

3rd-party applications utilizing the Windows Cryptographic API, and older versions of Internet Explorer will also not be affected – the change is only affecting Internet Explorer 11.

Microsoft also has detailed a procedure for developers who want to test if their websites will be affected by the change – you will need the latest November Windows updates to do this.

You can read about this change on Microsoft’s blog, and have a look at the full timeline announced by Microsoft in November last year over here.

Check Also

Microsoft puts up the full WinHEC Keynote on Channel9

Microsoft held an incredible event today, giving us plentiful of news and surprises that nobody …