Src < CCSystem/CA

<table width="90%" border="1"><tbody><tr><td width="20%" valign="top">Now</td><td>
   * CA certificates in the IGTF distribution and CRLs at official distribution points should use SHA-1
   * CAs should issue SHA-1 end entity certificates by default
   * CAs may issue SHA-2 (SHA-256 or SHA-512) end entity certificates on request. CAs may publish SHA-2 (SHA-256 or SHA-512) CRLs at alternate distribution point URLs
</td></tr><tr><td valign="top">1 December 2013<br /><strike>1 October 2013</strike></td><td>
   * CAs should begin to phase out issuance of SHA-1 end entity certificates
   * CAs should issue SHA-2 (SHA-256 or SHA-512) end entity certificates by default
</td></tr><tr><td valign="top">1 April 2014</td><td>
   * New CA certificates should use SHA-2 (SHA-512)
   * Existing intermediate CA certificates should be re-issued using SHA-2 (SHA-512)
   * Existing root CA certificates may continue to use SHA-1
</td></tr><tr><td valign="top">1 October 2014</td><td>
   * CAs may begin to publish SHA-2 (SHA-256 or SHA-512) CRLs at their official distribution points.
</td></tr><tr><td valign="top">1 February 2015<br /><strike>1 December 2014</strike></td><td>
   * All issued SHA-1 end entity certificates should be expired or revoked.
</td></tr></tbody></table>
This topic: CCSystem/CA > WebHome > Src
Topic revision: r2 - 2013-11-06 - KanBowen