SHA1 certificate workaround for Windows 10 on IE 11

  • Question

  • Hi Everyone,

    I am not able to access the HTTPS URL of my device from IE 11 and the Chrome browser. I am using a Windows 10 machine. My device is using a SHA1 certificate type. We are planning to move to a SHA2 certificate. But in the meantime, please suggest a workaround for accessing the HTTPS URL using a SHA1 certificate on Windows 10, so our customers can use devices without any issue. Also, can anyone please give me the exact Windows update (KB number) which is blocking SHA1 certificates in IE?

    Certificate RSA length is 2048.

    Thanks,

    Bhavin.

    Wednesday, February 28, 2018 5:10 AM

Answers

  • Hi Bhavin,

    No, there is no workaround.

    Microsoft Security Advisory 4010323 states:

    Beginning May 9, 2017, Microsoft released updates to Microsoft Edge and Internet Explorer 11 to block sites that are protected with a SHA-1 certificate from loading and to display an invalid certificate warning. This change will only impact SHA-1 certificates that chain to a root in the Microsoft Trusted Root Program where the end-entity certificate or the issuing intermediate uses SHA-1. Enterprise or self-signed SHA-1 certificates will not be impacted, although we recommend that all customers quickly migrate to SHA-2 based certificates.

    And certificate authorities have been prohibited from issuing new SHA-1 certificates since January 2016. Customers should ensure that their certificate authorities are using the SHA-2 hashing algorithm to obtain SHA-2 certificates from their certificate authorities.

    Thus, in order for your computer to be safe, it's strongly recommended that you update your certificate from SHA1 to SHA2, and also keep your computer up to date.

    For details, please read this article:

    Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11

    https://docs.microsoft.com/en-us/security-updates/securityadvisories/2017/4010323


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 1, 2018 6:41 AM
    Moderator
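
As an added example (not part of the thread or of Microsoft's advisory): the advisory's condition turns on whether the end-entity or issuing intermediate certificate is SHA-1 signed, which can be checked by reading the signatureAlgorithm OID from each certificate's DER bytes. The function names and the constructed skeleton inputs are assumptions of this example; whether the chain ends in a Microsoft Trusted Root Program root has to be established separately.

```python
# Added example, not from the thread: find SHA-1-signed certificates in a chain.
SHA1_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, pos, pos + length

def decode_oid(body):
    """Decode DER OBJECT IDENTIFIER content bytes to dotted notation."""
    first = min(body[0] // 40, 2)
    arcs, value = [first, body[0] - 40 * first], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    _, pos, _ = read_tlv(der, 0)              # enter the outer SEQUENCE
    _, _, tbs_end = read_tlv(der, pos)        # skip tbsCertificate
    _, alg_pos, _ = read_tlv(der, tbs_end)    # AlgorithmIdentifier SEQUENCE
    tag, start, end = read_tlv(der, alg_pos)  # its OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("signatureAlgorithm OID not found")
    return decode_oid(der[start:end])

def sha1_signed(chain):
    """Indexes of certificates (DER bytes, leaf first) whose signature uses SHA-1."""
    return [i for i, der in enumerate(chain) if signature_oid(der) in SHA1_SIGNATURE_OIDS]

def _tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths suffice for the samples

def skeleton(oid_hex):
    """Constructed sample: a structural certificate skeleton, not a real certificate."""
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    return _tlv(0x30, _tlv(0x30, _tlv(0x02, b"\x01")) + alg + _tlv(0x03, b"\x00"))
SHA1_LEAF = skeleton("2a864886f70d010105")  # sha1WithRSAEncryption
SHA256_CA = skeleton("2a864886f70d01010b")  # sha256WithRSAEncryption
```

Pass the DER bytes of the device's chain, leaf first; PEM files can be converted with `ssl.PEM_cert_to_DER_cert` from the standard library.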

All replies

  • You can try using non-Microsoft browsers which tolerate SHA1 certificates (be careful: some of those browsers may be vulnerable, as the latest versions may no longer support those certificates).

    This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Ahmed MALEK


    Thursday, March 1, 2018 3:18 PM
  • Hi,

    Was your issue resolved?

    If yes, please mark the helpful reply as answer in order that other community members could find the helpful reply quickly.

    If no, please reply and tell us the current situation in order to provide further help.



    Monday, March 5, 2018 1:38 AM
    Moderator
  • Hi,

    This issue is not observed on many of the Windows 10 (version 1607 Enterprise) machines. What could be the reason for that?

    Monday, March 5, 2018 11:15 AM