哪个根 CA 仍然颁发 SHA-1 ssl 证书? [英] Which Root CA still issues SHA-1 ssl certificates?

问题描述

是否有任何 CA 仍然颁发 SHA-1 证书?我需要它来进行 TR 管理，以管理具有不支持 sha256 的基本固件的设备.

Is there any CA that still issues SHA-1 certificates? I need it for TR management to manage devices with base firmware that does not support sha256.

推荐答案

恕我直言，公共 CA 将不再颁发 SHA-1 证书；他们受证书颁发机构/浏览器论坛的严格指导限制，不再使用 SHA1 签名算法颁发新的服务器证书.

imho, Public CA's will no longer issues SHA-1 certificates; they are bounded by the strict guidance of the Certificate Authority/Browser Forum to no longer issue new server certificates with SHA1 signature algorithm.

7.1.3.算法对象标识符

7.1.3. Algorithm Object Identifiers

自 2016 年 1 月 1 日起，CA 不得发行任何新订阅者使用 SHA-1 哈希的证书或从属 CA 证书算法.CA 可以继续签署证书以验证 OCSP2017 年 1 月 1 日之前使用 SHA1 的响应.本节 7.1.3 不适用于根 CA 或 CA 交叉证书.CA 可以继续使用他们现有的 SHA-1 根证书.SHA-2 订户证书不应链接到 SHA-1 从属 CA 证书.

Effective 1 January 2016, CAs MUST NOT issue any new Subscriber certificates or Subordinate CA certificates using the SHA‐1 hash algorithm. CAs MAY continue to sign certificates to verify OCSP responses using SHA1 until 1 January 2017. This Section 7.1.3 does not apply to Root CA or CA cross certificates. CAs MAY continue to use their existing SHA‐1 Root Certificates. SHA‐2 Subscriber certificates SHOULD NOT chain up to a SHA‐1 Subordinate CA Certificate.

https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.3.7.pdf

这篇关于哪个根 CA 仍然颁发 SHA-1 ssl 证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！