哪个根 CA 仍然颁发 SHA-1 ssl 证书?
Which Root CA still issues SHA-1 ssl certificates?
有没有仍然颁发 SHA-1 证书的 CA?
我需要 TR 管理来管理具有不支持 sha256 的基本固件的设备。
恕我直言,Public CA 将不再颁发 SHA-1 证书;他们受证书 Authority/Browser 论坛严格指导的约束,不再使用 SHA1 签名算法颁发新的服务器证书。
7.1.3. Algorithm Object Identifiers
Effective 1 January 2016, CAs MUST NOT issue any new Subscriber
certificates or Subordinate CA certificates using the SHA‐1 hash
algorithm. CAs MAY continue to sign certificates to verify OCSP
responses using SHA1 until 1 January 2017. This Section 7.1.3 does not
apply to Root CA or CA cross certificates. CAs MAY continue to use
their existing SHA‐1 Root Certificates. SHA‐2 Subscriber certificates
SHOULD NOT chain up to a SHA‐1 Subordinate CA Certificate.
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.3.7.pdf
有没有仍然颁发 SHA-1 证书的 CA? 我需要 TR 管理来管理具有不支持 sha256 的基本固件的设备。
恕我直言,Public CA 将不再颁发 SHA-1 证书;他们受证书 Authority/Browser 论坛严格指导的约束,不再使用 SHA1 签名算法颁发新的服务器证书。
7.1.3. Algorithm Object Identifiers
Effective 1 January 2016, CAs MUST NOT issue any new Subscriber certificates or Subordinate CA certificates using the SHA‐1 hash algorithm. CAs MAY continue to sign certificates to verify OCSP responses using SHA1 until 1 January 2017. This Section 7.1.3 does not apply to Root CA or CA cross certificates. CAs MAY continue to use their existing SHA‐1 Root Certificates. SHA‐2 Subscriber certificates SHOULD NOT chain up to a SHA‐1 Subordinate CA Certificate.
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.3.7.pdf