SSL certificates, SHA-1 and nic.ru
A report six months ago that in the near future MS & Google will consider some server certificates "untrusted". As a result, in browsers the server will not be “green”, but “red”, which the customers will not like at all.
www.symantec.com/connect/blogs/google-s-sha-1-deprecation-plan-chrome
In particular, problem certificates include certificates of servers with a SHA-1 / SHA-2 signature, in which the intermediate certificate contains SHA-1 (but the root CA may contain SHA-1).
In the chain of certificates issued by nic.ru, their certificate "RU-CENTER High Assurance Services CA" just contains SHA-1 and, accordingly, all final certificates are affected.
')
This is confirmed by checking for:
ssltools.thawte.com/checker/views/certCheck.jsp
sslanalyzer.comodoca.com
Nic.ru support invites me to re-issue the final certification with SHA-2, I explain to them that the problem is not the final one, but the intermediate certificate, i.e. in their certificate.
Am I busting or nic.ru tupit?
www.symantec.com/connect/blogs/google-s-sha-1-deprecation-plan-chrome
In particular, problem certificates include certificates of servers with a SHA-1 / SHA-2 signature, in which the intermediate certificate contains SHA-1 (but the root CA may contain SHA-1).
In the chain of certificates issued by nic.ru, their certificate "RU-CENTER High Assurance Services CA" just contains SHA-1 and, accordingly, all final certificates are affected.
')
This is confirmed by checking for:
ssltools.thawte.com/checker/views/certCheck.jsp
sslanalyzer.comodoca.com
Nic.ru support invites me to re-issue the final certification with SHA-2, I explain to them that the problem is not the final one, but the intermediate certificate, i.e. in their certificate.
Am I busting or nic.ru tupit?
Source: https://habr.com/ru/post/255689/
All Articles