The industry is moving from SHA-1 certification to SHA-2, and if you sign code you need to be aware of the changes afoot. In a nutshell, you will probably want to get an SHA-2 certificate before Dec. 31, if you don’t already have one. But if you have an SHA-1 certificate and want to keep using it, you should renew the cert — preferably for multiple years — before the end of the year.
If you don’t have a cert and want to use SHA-1 for compatibility reasons — in Kernel Mode, in particular — you better get the cert now. After Jan. 1, the CA/certificate issuing authorities (Comodo, DigiCert, GlobalSign, and others) are not permitted to issue SHA-1 certs.
To read this article in full or to leave a comment, please click here