Upgrading SSL Certificates from SHA1 to SHA2

Posting this morning I noticed the missing green “lock” icon appearing in my Chrome browser. Upon investigating I saw an error similar to the one below:


The mattlapaglia.com domain certificate was generated before the internet community decided it was time to deprecate the SHA1 hashing algorithm, first released in 1995, in favor of the more secure SHA2.

I got my SSL certificates through ssls.com, powered by namecheap.com, my domain name provider.

In order to regenerate the certificates for IIS 8 the old certificate should be deleted, the new CSR generated, and then used for regenerating the certificate on the ssls website. ssls has changed their service to always generate SHA2 certificates, so no extra options need to be selected.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.