AustrianGrid Certification Authority

Using SHA-512 instead of SHA-1 for the signature of end-user certificates and CRLs


Following the actual EUGridPMA and IGTF requirements the signature hash used for CRLs and end-user certificates changes from SHA-1 to SHA-512 from the SHA-2 family. This became necessary due to the increased compute power available threatening the security of SHA-1.

Ensure all your applications (e.g. Grid middleware, web servers, web browsers, e-mail clients) are at a level at which SHA-2 hashes can be used.

According to the SHA-2 transition time-line of IGTF unexpired certificates issued with SHA-1 (AustrianGrid CA certificates issued before December 1st, 2014) will be revoked by February 1st, 2015.

Page last updated: 2014-12-01 00:21