Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-03-14 16:42:02.0

SHA 1 Deprecation: SHA-2 end entity certificates with SHA-1 intermediate certificates

Article Number: 70594

User-added image

Effective February 14, 2017,  Microsoft will release an update to Microsoft Edge and Internet Explorer 11 that will display an Invalid Certificate warning page when users browse to a TLS site that uses a SHA-2 end entity and a SHA-1 intermediate. For example:

User-added image

The end user will have the option to continue to the website, although it is not recommended. Google Chrome will not block these sites.

Only certificates that use the SHA-2 Signing Algorithm and have been issued from the “Entrust – L1C” or the “Entrust – L1E” Certificate Authorities are affected.

How to resolve this issue

You must identity which certificate(s) have been issued from the "Entrust - L1C" or "Entrust - L1E" Certificate Authorities.

ECS Enterprise account users can run a report to find these certificate(s).

Go to Reports > Report Center. On the left-hand menu, select Issued Certificates.

Once the report loads, find the column Issuer DN. If the column is not displaying, you may add a column by selecting any of the currently displaying columns, and on the dropdown that opens, selecting Columns and checking off the column you wish to add.

On the IssuerDN column, add a filter as shown below:

User-added image

You must reissue the identified SHA-2 SSL certificate(s). When you do so, the new certificate will be issued from a separate SHA-2 subordinate CA and the problem will be avoided.

For more information see our technote on SHA-1 depecration here.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

Hours of Operation: 
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
 
CountryNumber
Australia0011 - 800-3687-7863
1-800-767-513
Austria00 - 800-3687-7863
Belgium00 - 800-3687-7863
Denmark00 - 800-3687-7863
Finland990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France00 - 800-3687-7863
Germany00 - 800-3687-7863
Hong Kong001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland00 - 800-3687-7863
Israel014 - 800-3687-7863
Italy00 - 800-3687-7863
Japan001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia00 - 800-3687-7863
Netherlands00 - 800-3687-7863
New Zealand00 - 800-3687-7863
0800-4413101
Norway00 - 800-3687-7863
Singapore001 - 800-3687-7863
Spain00 - 800-3687-7863
Sweden00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland00 - 800-3687-7863
Taiwan00 - 800-3687-7863
United Kingdom00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088