Access Keys:
Skip to content (Access Key - 0)

Q: Migration to SHA-2 Certificate Authority

  • Why is MIT migrating to a new certificate authority?
  • What is the difference between SHA-1 and SHA-2 certificates?
  • How will I be affected by the change of certificate authority?


  • Applies to all operating systems and platforms


  • MIT is transitioning to the use of SHA-2 for certificates. In the near future, multiple web browsers such as Firefox, Internet Explorer, and Chrome, among others, will stop accepting the old SHA-1 certificate hash which has been used in the past. To prevent these browsers from refusing to accept MIT server certificates, MIT has decided to migrate to the SHA-2 hash for protection of our certificates.
  • According to Google, Chrome will begin treating SHA-1 based certificates valid past January 1 2017 as untrustworthy starting with the release of Chrome 39 in November 2014. Other browsers are also making plans to deprecate the use of SHA-1 in certificates.
  • Users of certificates should make plans to upgrade certificates before software begins rejecting the old certificate hash.
  • New MIT certificates will be signed by the "InCommon RSA Server CA" and will use 2048-bit RSA encryption as well as a SHA-256 hash.

Additional Browser Information


Firefox will introduce a warning for certificates valid past January 1, 2017 using SHA-1, and will reject such certificates entirely as of January 1, 2017:


In releases 39 through 41, Google will gradually phase out support for SHA-1 certificates entirely:

Internet Explorer

Internet Explorer will stop accepting SHA-1 based end-entity certificates by January 1, 2017:

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

October 29, 2014

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
c-certificates c-certificates Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
This product/service is:
Easy to use
Difficult to use

This article is:
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki