locked
Internet Explorer Error Messages after SHA1 Deprecation RRS feed

  • Question

  • I'd like more clarification about IE no longer trusting SHA1 certificates. Does this mean that sites accessed that use a SHA1 certificate can no longer be accessed at all? Or that it can be accessed but the connection is broken and error messages will remain on the address bar?

    Tuesday, July 5, 2016 3:32 AM

All replies

  • Hi Nat Bart,

    Effective January 1, 2016, Windows (version 7 and higher) and Windows Server will no longer trust new code that is signed with a SHA-1 code signing certificate for Mark-of-the-Web related scenarios (e.g. files containing a digital signature) and that has been time-stamped with a value greater than January 1, 2016. This cut-off date applies to the code-signing certificate itself.

    This restriction will not apply to the time-stamp certificate used to time-stamp the code-signing certificate or the certificate’s signature hash (thumbprint) until January 1, 2017. After this time, Windows will treat any code with a SHA-1 time-stamp or SHA-1 signature hash (thumbprint) as if the code did not have a time-stamp signature.

    For more information, please refer to the link:

    http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx

    Best Regards,

    Tao


    Please mark the reply as an answer if you find it is helpful.

    If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Wednesday, July 6, 2016 9:47 AM
  • Thanks Tao.

    So what you are saying is, that the site with the SHA1 signature certificate can still be accessed on IE, but there will be errors seen on the screen? Is there an image snapshot you could provide as a sample from say IE 11 for a standard server certificate (not on the link provided - only has screenshots for code-signing certificate usage)

    Regards,

    Nat

    Thursday, July 7, 2016 3:22 AM
  • Hi,

    We haven’t heard from you in a couple of days, have you solved the problem? We are looking forward to your good news.

    Best Regards,

    Tao


    Please mark the reply as an answer if you find it is helpful.

    If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Wednesday, July 27, 2016 8:55 AM