Technical SupportMatrix
Specialist PartnerWebsite SecurityWebsite Security
Platinum PartnerWe Mean e-Businessreg
Enhancing Website Securitywith Algorithm Agility
ENH
AN
CIN
G W
EBS
ITE SEC
UR
ITY
WITH
ALG
OR
ITHM
AG
ILITY
Enhancing Website Security with Algorithm Agility
White Paper
Enhancing Website Security with Algorithm Agility
Enhancing Website Security with Algorithm Agility
Contents
Introduction 3
Encryption Today 3
How Algorithms are Changing 4
A Closer Look at the New Algorithms 5
Digital Signature Algorithm (DSA) 5
Elliptic Curve Cryptography (ECC) 5
Algorithm Agility mdash Choosing the Right Algorithm for your Needs 6
Next Steps 7
Conclusion 7
Enhancing Website Security with Algorithm Agility
Introduction
Business owners require flexibility and scalability in their efforts to build trust
and protect online sites and transactions from Hackers Hackers are constantly
developing more sophisticated methods to breach security protections and inflict
damage on a business or its customers
Responsible business owners have long known to protect their online presence
through the use of SSL certificates provided by trusted third party Certification
Authorities (CA) The use of an SSL certificate allows authentication of the web
server the transmission of sensitive information and a recognized and trusted sign
of security to customers SSL Certificates have traditionally relied on encryption
using public and private keys based on the RSA algorithm While these keys remain
secure increasing threats from ever more powerful computers prompted the
National Institute of Standards and Technology (NIST) among others to call for
additional strengthening of online encryption1
With this need for additional security in mind and to ensure that business owners
can customize their protection to the needs of their business Symantec the
most trusted name in SSL Certification2 has introduced algorithm agility as part
of its SSL certification process This means businesses now have the ability to
choose between certificates that provide protection based on the RSA algorithm
on two alternative algorithms ECC and DSA or to generate certificates for all
three to install on a server This flexibility allows business owners to provide a
broader array of encryption options for different circumstances infrastructure and
customer or partner groups
This paper examines algorithm agility how it fits into the current and evolving
security landscape and how your business can enhance online security through a
more flexible scalable approach to SSL certification
Encryption Today
Transport Layer Security (TLS) and its predecessor Secure Socket Layer (SSL)
protocols remains the industry standard for website authentication and protecting
information in transit Used by websites and browsers TLS allows for the
authentication compression and encryption of data passing between a client (end
user) and a server ensuring that hackers cannot access data while it is being sent
Users know that they are accessing a website or page protected by TLS when ldquohttprdquo
in the address line is replaced with ldquohttpsrdquo and a small padlock appears in the
status bar Such secure pages require the use of SSL certification to enable the
encryption of information that is transmitted to or from a secure web server The
vast majority of SSL certificates today rely on keys generated by and signed with
the RSA algorithm
The RSA algorithm remains an effective encryption option However the length of
the keys will continue to grow exponentially Online communities have noted the
ability of hackers using powerful computers to potentially crack keys approaching
1 httpcsrcnistgovpublicationsnistpubs800-131Asp800-131Apdf2 Symantec US Online Consumer Study February 2011
Enhancing Website Security with Algorithm Agility
1024 bits NIST has therefore recommended that by the end of 2013 Certificate
Authorities should not issue any new SSLTLS certificates with RSA public key sizes
smaller than 2048 bits3
At the same time alternative algorithms for encryption and signing have been
adopted by the federal government which has issued guidelines based on Elliptic
Curve Cryptography (ECC) and Digital Signature Algorithms (DSA)4 Already binding
on the Federal Government the new NIST Suite B guidelines and recommendations
are also usually adopted as best practices by commercial businesses
Certificates signed with the RSA algorithm have been in widespread use for many
years but algorithm agility based on the NIST guidelines allows businesses to
choose to implement certificates signed with three different algorithms RSA DSA
and ECC The design of TLS allows different algorithms to work either alone or
side by side so with algorithm agility business owners can choose the public key
algorithm or combination of algorithms that works best for their online presence
and infrastructure
How Algorithms are Changing
While all three public key cryptography systems are secure efficient and
commercially viable they differ in the kind of mathematical problem on which
they are based Not only does this affect how vulnerable they are to brute force
attacks often used by hackers but it can also lead to differences in the size of
the keys generated by the algorithm to provide a certain level of security NIST
provides guidelines for minimum sizes of the different keys according to the level
of security required
Minimum size (bits) of
Public Keys
Key Size
Ratio
Protection
from
Security (bits) DSA RSA ECC ECC to RSADSA Attack
80 1024 1024 160-223 16 Until 2010
112 2048 2048 224-255 19 Until 2030
128 3072 3072 256-383 112 Beyond 2031
192 7680 7680 384-511 120
256 15360 15360 512+ 130
Table 1 National Institute of Standards and Technology Guidelines for Public-Key Sizes
The chart above clearly shows that the size of RSA and DSA keys grows at a
much faster rate than those based on ECC when faced with increasing security
requirements This is important because longer keys require more storage space
more bandwidth to transmit and potentially more processor power and time to
generate the keys encrypt and decrypt with them
3 httpcsrcnistgovpublicationsnistpubs800-131Asp800-131Apdf4 httpcsrcnistgovpublicationsfipsfips186-3fips_186-3pdf
Enhancing Website Security with Algorithm Agility
The RSA algorithm is and is likely to continue to be widely used for some time
and for most TLS Certificates RSA will remain the algorithm of choice for Web
transactions However as security demands increase and use of mobile devices
continues to expand there is a growing need for a more flexible encryption
landscape where business owners can customize the kind of protection they get to
the needs scale and technological configurations of their particular businesses
An increasing number of tablets smart phones and other mobile devices are
driving more traffic onto the web This is great for business but can present
a challenge for the number of total simultaneous connections to a single site
Algorithm agility can provide a scalable solution without sacrificing security
A Closer Look at the New Algorithms
If the options for encryption are expanding what changes are made to the levels
of protection available to businesses and how will algorithm agility the ability to
choose between three different algorithms affect SSL certification
First letrsquos take a closer look at the algorithms
Digital Signature Algorithm (DSA)
DSA is a discrete logarithm system It was developed by the National Security
Agency in 1991 as an alternative to RSA and is the federal standard for digital
signature5 The DSA algorithm provides the same level of protection and
performance as the RSA algorithm for similar key sizes but uses a different
mathematical algorithm for signing and the detection of any alteration to a
transmitted message
Although key sizes are identical to RSA key generation and digital signature using
DSA is faster Key verification is slightly slower
DSA is also compatible with most servers and because it is already a federal
standard using an SSL certificate that supports DSA makes it easier for businesses
to meet the requirements of government contracts
Elliptic Curve Cryptography (ECC)
The NIST Suite B recommendation that Certificate Authorities increase the
minimum key size associated with RSA supported SSL certificates demonstrates
that increasingly sophisticated security threats will drive the requirement for ever
larger RSA keys As Table 1 shows above at a certain point the RSA key size for the
security required simply becomes unwieldy increasing the amount of computing
power bandwidth for transmission and time required for the encryption and
decryption operation Itrsquos still secure but less efficient
Unlike RSA and DSA ECC algorithms are based on elliptic curves over finite fields a
much more difficult mathematical problem for hackers to attack using simple brute
force methods Using RSA and DSA algorithms the defining factor for how secure
the encryption can be is key length
5 httpcsrcnistgovpublicationsfipsfips186-3fips_186-3pdf
Enhancing Website Security with Algorithm Agility
With ECC the nature of the mathematical problem at its core means that as key
size increases its decryption operations become more difficult at a faster rate than
those of RSA This means that a shorter ECC key is more difficult for a hacker to
break than the same length of RSA key and can provide the same or better security
coverage than a much longer RSA key Key sizes for ECC increase linearly instead of
exponentially so as guidelines change their efficiency increases
Algorithm Agility mdash Choosing the Right Algorithm for your Needs
While ECC is already embraced by federal agencies ECC is not ubiquitous in
terms of adoption allowance and availability across all browsers and servers For
businesses this means that ECC may not if used as the only encryption algorithm
be the right solution for your particular mix of hardware and devices
When looking at the customer side ECC is a relatively new technology for mobile
and browsers so it may not yet be easily available to all of your customers If the
customer device or browser does not support a particular algorithm that customer
may not be able to complete a transaction This means that ECC by itself may
not be the best choice for the SSL certificate for by example a retail site where
customers need to feel confident that they can make purchases easily and securely
However a business using multiple certificates DSA and RSA ECC and RSA or all
three at once increases their coverage
Several factors will help you decide which algorithm or combination of algorithms
in your SSL certificate best meets the needs of your business While it is highly
likely that RSA will continue to be used for some time algorithm agility opens up
new options The option to choose SSL certification based on different algorithms
allows business owners to extend their online security easily meet the needs of
government clients and partners and tailor security protection to their business
requirements in a way that has not previously been possible
The first factor for business owners or IT managers to consider is the organizationrsquos
current Web server standards Some web servers can handle RSA DSA or ECC
and can be configured to use all three types of certificate for one domain name
on a single Web server Others can handle RSA or ECC but are limited to only one
certificate per Web server
TLS is also used for encryption between email servers and other services and
the internal tools scaling and architecture for these services would need to be
considered
Second is the tradeoff in speed of authentication between the algorithm types
RSA is faster on the client side of authentication and ECC is faster on the server
side RSA signatures also can be verified faster than ECC signatures The usage
of each key type will depend greatly on the type of transaction intended Factors
to consider here include the processing power of the end device storage space
bandwidth power consumption and how widely the algorithm is adopted by your
customers and their client devices or browsers
Enhancing Website Security with Algorithm Agility
The number of expected connections may also play a factor in decision making
Depending on web server configuration servers may be able to handle more
concurrent connections with an ECC certificate than an RSA certificate An
organization must consider their needed balance between safety user experience
and IT costs in network processing
The last consideration is the identity of your customers or partners DSA and ECC
are embraced by many government agencies and may be required in interactions
with them This could include government contracts and sub-contracts and
information exchanges with governmental branch entities
In a best case scenario an organization would be able to install all three
certificates on their transaction server Configured properly a server could then
accept any request from an end point avoiding risk and providing 100 client
coverage
Next Steps
In order for customers to truly realize all of the benefits of the enhanced security
offered by new algorithms DSA and ECC support will have to become more
widespread especially in the mobile environment that is processing more and
more of our daily online life
This may also lead to changes in the visual cues we are accustomed to on web
browsers As yet there is no standard for mobile or tablet browsers equivalent to
the trusted HTTPS and padlock indicators as well as the Extended Validation green
bar we now see on web browsers
In the meantime Symantecrsquos algorithm agility approach provides businesses with
an easy and effective transition Symantec customers now have the option to
choose SSL certificates that use both the traditional RSA algorithm and either DSA
or ECC algorithms for enhanced security
Conclusion
Security demands will increase and hacker attempts will become more
sophisticated and powerful but security measures are improving alongside the
threats Algorithm agility will be of increasing value to businesses allowing owners
and IT departments the flexibility and scalability they need to tailor protection to
the needs of their customers and their businesses
Symantec has made it easy to get started Our popular SSL certificates now include
DSA or ECC algorithms alongside the standard RSA algorithms Integrating the new
algorithms into SSL certificate products provides a convenient way for businesses
to improve and enhance their online security in partnership with the most trusted
Certificate Authority in the world
Enhancing Website Security with Algorithm Agility
More Information
Visit our website
httpgosymanteccomssl-certificates
To speak with a Product Specialist in the US
Call toll-free 1(866) 893-6565 or 1(650) 426-5112
To speak with a Product Specialist outside the US
For specific country offices and contact numbers please visit our website
About Symantec
Symantec is a global leader in providing security storage and systems
management solutions to help consumers and organizations secure and manage
their information-driven world Our software and services protect against more
risks at more points more completely and efficiently enabling confidence
wherever information is used or stored
Symantec Corporation World Headquarters
350 Ellis Street
Mountain View CA 94043 USA
1 (866) 893 6565
wwwsymanteccom
Copyright copy 2013 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates inthe US and other countries VeriSign and other related marks are the trademarks or registered trademarks of VeriSign Inc or its affiliates or subsidiaries in the US and other countries and licensed toSymantec Corporation Other names may be trademarks of their respective owners
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM Managed PKI for SSL
Businesses and organizations of all kinds rely on websites intranets and extranets to exchange confidential information and enable eCommerce For businesses protecting intellectual property as well as customer data in transit is a top priority Just as important consumers need to know that they can trust their online transactions
Secure Sockets Layer (SSL) certificates are used to verify the legitimacy of websites and to encrypt information in transit Managing certificates can be challenging when servers are deployed across various divisions and locations Complexity increases as an organization expands its SSL certificate inventory to keep pace with growth A centralized and flexible solution is needed to simplify the comprehensive management of SSL certificates across the enterprise
Gaining unmatched confidence from a comprehensive solution Symantectrade Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates
Symantectrade Managed PKI for SSL
Key Features and Benefits
Features
bull Capacity to manage thousands of SSL and code-signing certificates
bull Cloud-based console for easy and rapid deployment
bull Delegated administration and role-based access for security and control
bull Instant issuance of certificates on pre-approved domains for rapid response to business needs
bull Option to choose from three different encryption algorithmsmdashRSA ECC and DSA
bull Detailed reports and audit trails for accountability and compliance verification
bull Award-winning support for resolution of issues
Benefits
bull Inspire trust and confidence in customers and stakeholders
bull Select the vendor chosen by 94 of the 100 largest financial institutions worldwide
bull Keep pace with business growth while increasing operational efficiency
Datasheet Symantectrade Managed PKI for SSL
Symantec MPKI for SSL facilitates centralized control and comprehensive lifecycle
management of Symantec SSL and code-signing certificates across the enterprise
Symantectrade Managed PKI for SSL
Protecting data in transit Symantec MPKI for SSL supports a full range of code-signing products and SSL certificates including the following
bull Extended Validation SSL
bull Subject Alternative Name (SAN)
bull Wildcard SSL
bull Intranet certificates
Full algorithm agilityIn addition to the RSA algorithm Symantec MPKI for SSL supports two newly introduced encryption algorithms mdash Elliptic Curve Cryptography (ECC) and Digital
Signature Algorithm (DSA)mdashfor full algorithm agility
Managing SSL certificates in heterogeneous environments Symantec Certificate Intelligence Center (CIC) an add-on option with MPKI for SSL enables advance discovery of all SSL certificates across multiple Certification Authorities (CA)
bull Gain complete visibility into all SSL certificates across your enterprise regardless of the issuing CA
bull Maintain business continuity and prevent unknown certificate expirations by identifying rogue certificates and bringing them under management
bull Increase efficiency with a cloud-based service
Issuing and tracking private intranet certificatesSymantec Private Certification Authority (CA) is a cost-effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards
bull Consolidate the management of public and private certificates
bull Bring an end to unexpected expirations with superior visibility on a single console
bull Avoid the errors and hidden costs often associated with self-signed certificates
bull Maintain compliance by issuing certificates without concern of changing regulations affecting SSL certificates chained to public roots
bull Mitigate security risks by separating roles and responsibilities between administrators and requestors
bull Leverage the validation infrastructure with 100 percent uptime since 2004
bull Take advantage of the robust infrastructure that supports an average of 6 billion Online Certificate Status Protocol (OCSP) lookups every day
bull Manage and control the deployment of SSL certificates and website protection services from a central console
bull Manage the complete SSL certificate lifecycle with delegated administration role-based access and instant issuance of certificates
bull Get up to 24x7 technical assistance with our award-winning support team
Includes Symantec subsidiaries affiliates and resellers (based on Forbes Global 2000 list 2013 and internal customer analysis July 2013)
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Enhancing Website Securitywith Algorithm Agility
ENH
AN
CIN
G W
EBS
ITE SEC
UR
ITY
WITH
ALG
OR
ITHM
AG
ILITY
Enhancing Website Security with Algorithm Agility
White Paper
Enhancing Website Security with Algorithm Agility
Enhancing Website Security with Algorithm Agility
Contents
Introduction 3
Encryption Today 3
How Algorithms are Changing 4
A Closer Look at the New Algorithms 5
Digital Signature Algorithm (DSA) 5
Elliptic Curve Cryptography (ECC) 5
Algorithm Agility mdash Choosing the Right Algorithm for your Needs 6
Next Steps 7
Conclusion 7
Enhancing Website Security with Algorithm Agility
Introduction
Business owners require flexibility and scalability in their efforts to build trust
and protect online sites and transactions from Hackers Hackers are constantly
developing more sophisticated methods to breach security protections and inflict
damage on a business or its customers
Responsible business owners have long known to protect their online presence
through the use of SSL certificates provided by trusted third party Certification
Authorities (CA) The use of an SSL certificate allows authentication of the web
server the transmission of sensitive information and a recognized and trusted sign
of security to customers SSL Certificates have traditionally relied on encryption
using public and private keys based on the RSA algorithm While these keys remain
secure increasing threats from ever more powerful computers prompted the
National Institute of Standards and Technology (NIST) among others to call for
additional strengthening of online encryption1
With this need for additional security in mind and to ensure that business owners
can customize their protection to the needs of their business Symantec the
most trusted name in SSL Certification2 has introduced algorithm agility as part
of its SSL certification process This means businesses now have the ability to
choose between certificates that provide protection based on the RSA algorithm
on two alternative algorithms ECC and DSA or to generate certificates for all
three to install on a server This flexibility allows business owners to provide a
broader array of encryption options for different circumstances infrastructure and
customer or partner groups
This paper examines algorithm agility how it fits into the current and evolving
security landscape and how your business can enhance online security through a
more flexible scalable approach to SSL certification
Encryption Today
Transport Layer Security (TLS) and its predecessor Secure Socket Layer (SSL)
protocols remains the industry standard for website authentication and protecting
information in transit Used by websites and browsers TLS allows for the
authentication compression and encryption of data passing between a client (end
user) and a server ensuring that hackers cannot access data while it is being sent
Users know that they are accessing a website or page protected by TLS when ldquohttprdquo
in the address line is replaced with ldquohttpsrdquo and a small padlock appears in the
status bar Such secure pages require the use of SSL certification to enable the
encryption of information that is transmitted to or from a secure web server The
vast majority of SSL certificates today rely on keys generated by and signed with
the RSA algorithm
The RSA algorithm remains an effective encryption option However the length of
the keys will continue to grow exponentially Online communities have noted the
ability of hackers using powerful computers to potentially crack keys approaching
1 httpcsrcnistgovpublicationsnistpubs800-131Asp800-131Apdf2 Symantec US Online Consumer Study February 2011
Enhancing Website Security with Algorithm Agility
1024 bits NIST has therefore recommended that by the end of 2013 Certificate
Authorities should not issue any new SSLTLS certificates with RSA public key sizes
smaller than 2048 bits3
At the same time alternative algorithms for encryption and signing have been
adopted by the federal government which has issued guidelines based on Elliptic
Curve Cryptography (ECC) and Digital Signature Algorithms (DSA)4 Already binding
on the Federal Government the new NIST Suite B guidelines and recommendations
are also usually adopted as best practices by commercial businesses
Certificates signed with the RSA algorithm have been in widespread use for many
years but algorithm agility based on the NIST guidelines allows businesses to
choose to implement certificates signed with three different algorithms RSA DSA
and ECC The design of TLS allows different algorithms to work either alone or
side by side so with algorithm agility business owners can choose the public key
algorithm or combination of algorithms that works best for their online presence
and infrastructure
How Algorithms are Changing
While all three public key cryptography systems are secure efficient and
commercially viable they differ in the kind of mathematical problem on which
they are based Not only does this affect how vulnerable they are to brute force
attacks often used by hackers but it can also lead to differences in the size of
the keys generated by the algorithm to provide a certain level of security NIST
provides guidelines for minimum sizes of the different keys according to the level
of security required
Minimum size (bits) of
Public Keys
Key Size
Ratio
Protection
from
Security (bits) DSA RSA ECC ECC to RSADSA Attack
80 1024 1024 160-223 16 Until 2010
112 2048 2048 224-255 19 Until 2030
128 3072 3072 256-383 112 Beyond 2031
192 7680 7680 384-511 120
256 15360 15360 512+ 130
Table 1 National Institute of Standards and Technology Guidelines for Public-Key Sizes
The chart above clearly shows that the size of RSA and DSA keys grows at a
much faster rate than those based on ECC when faced with increasing security
requirements This is important because longer keys require more storage space
more bandwidth to transmit and potentially more processor power and time to
generate the keys encrypt and decrypt with them
3 httpcsrcnistgovpublicationsnistpubs800-131Asp800-131Apdf4 httpcsrcnistgovpublicationsfipsfips186-3fips_186-3pdf
Enhancing Website Security with Algorithm Agility
The RSA algorithm is and is likely to continue to be widely used for some time
and for most TLS Certificates RSA will remain the algorithm of choice for Web
transactions However as security demands increase and use of mobile devices
continues to expand there is a growing need for a more flexible encryption
landscape where business owners can customize the kind of protection they get to
the needs scale and technological configurations of their particular businesses
An increasing number of tablets smart phones and other mobile devices are
driving more traffic onto the web This is great for business but can present
a challenge for the number of total simultaneous connections to a single site
Algorithm agility can provide a scalable solution without sacrificing security
A Closer Look at the New Algorithms
If the options for encryption are expanding what changes are made to the levels
of protection available to businesses and how will algorithm agility the ability to
choose between three different algorithms affect SSL certification
First letrsquos take a closer look at the algorithms
Digital Signature Algorithm (DSA)
DSA is a discrete logarithm system It was developed by the National Security
Agency in 1991 as an alternative to RSA and is the federal standard for digital
signature5 The DSA algorithm provides the same level of protection and
performance as the RSA algorithm for similar key sizes but uses a different
mathematical algorithm for signing and the detection of any alteration to a
transmitted message
Although key sizes are identical to RSA key generation and digital signature using
DSA is faster Key verification is slightly slower
DSA is also compatible with most servers and because it is already a federal
standard using an SSL certificate that supports DSA makes it easier for businesses
to meet the requirements of government contracts
Elliptic Curve Cryptography (ECC)
The NIST Suite B recommendation that Certificate Authorities increase the
minimum key size associated with RSA supported SSL certificates demonstrates
that increasingly sophisticated security threats will drive the requirement for ever
larger RSA keys As Table 1 shows above at a certain point the RSA key size for the
security required simply becomes unwieldy increasing the amount of computing
power bandwidth for transmission and time required for the encryption and
decryption operation Itrsquos still secure but less efficient
Unlike RSA and DSA ECC algorithms are based on elliptic curves over finite fields a
much more difficult mathematical problem for hackers to attack using simple brute
force methods Using RSA and DSA algorithms the defining factor for how secure
the encryption can be is key length
5 httpcsrcnistgovpublicationsfipsfips186-3fips_186-3pdf
Enhancing Website Security with Algorithm Agility
With ECC the nature of the mathematical problem at its core means that as key
size increases its decryption operations become more difficult at a faster rate than
those of RSA This means that a shorter ECC key is more difficult for a hacker to
break than the same length of RSA key and can provide the same or better security
coverage than a much longer RSA key Key sizes for ECC increase linearly instead of
exponentially so as guidelines change their efficiency increases
Algorithm Agility mdash Choosing the Right Algorithm for your Needs
While ECC is already embraced by federal agencies ECC is not ubiquitous in
terms of adoption allowance and availability across all browsers and servers For
businesses this means that ECC may not if used as the only encryption algorithm
be the right solution for your particular mix of hardware and devices
When looking at the customer side ECC is a relatively new technology for mobile
and browsers so it may not yet be easily available to all of your customers If the
customer device or browser does not support a particular algorithm that customer
may not be able to complete a transaction This means that ECC by itself may
not be the best choice for the SSL certificate for by example a retail site where
customers need to feel confident that they can make purchases easily and securely
However a business using multiple certificates DSA and RSA ECC and RSA or all
three at once increases their coverage
Several factors will help you decide which algorithm or combination of algorithms
in your SSL certificate best meets the needs of your business While it is highly
likely that RSA will continue to be used for some time algorithm agility opens up
new options The option to choose SSL certification based on different algorithms
allows business owners to extend their online security easily meet the needs of
government clients and partners and tailor security protection to their business
requirements in a way that has not previously been possible
The first factor for business owners or IT managers to consider is the organizationrsquos
current Web server standards Some web servers can handle RSA DSA or ECC
and can be configured to use all three types of certificate for one domain name
on a single Web server Others can handle RSA or ECC but are limited to only one
certificate per Web server
TLS is also used for encryption between email servers and other services and
the internal tools scaling and architecture for these services would need to be
considered
Second is the tradeoff in speed of authentication between the algorithm types
RSA is faster on the client side of authentication and ECC is faster on the server
side RSA signatures also can be verified faster than ECC signatures The usage
of each key type will depend greatly on the type of transaction intended Factors
to consider here include the processing power of the end device storage space
bandwidth power consumption and how widely the algorithm is adopted by your
customers and their client devices or browsers
Enhancing Website Security with Algorithm Agility
The number of expected connections may also play a factor in decision making
Depending on web server configuration servers may be able to handle more
concurrent connections with an ECC certificate than an RSA certificate An
organization must consider their needed balance between safety user experience
and IT costs in network processing
The last consideration is the identity of your customers or partners DSA and ECC
are embraced by many government agencies and may be required in interactions
with them This could include government contracts and sub-contracts and
information exchanges with governmental branch entities
In a best case scenario an organization would be able to install all three
certificates on their transaction server Configured properly a server could then
accept any request from an end point avoiding risk and providing 100 client
coverage
Next Steps
In order for customers to truly realize all of the benefits of the enhanced security
offered by new algorithms DSA and ECC support will have to become more
widespread especially in the mobile environment that is processing more and
more of our daily online life
This may also lead to changes in the visual cues we are accustomed to on web
browsers As yet there is no standard for mobile or tablet browsers equivalent to
the trusted HTTPS and padlock indicators as well as the Extended Validation green
bar we now see on web browsers
In the meantime Symantecrsquos algorithm agility approach provides businesses with
an easy and effective transition Symantec customers now have the option to
choose SSL certificates that use both the traditional RSA algorithm and either DSA
or ECC algorithms for enhanced security
Conclusion
Security demands will increase and hacker attempts will become more
sophisticated and powerful but security measures are improving alongside the
threats Algorithm agility will be of increasing value to businesses allowing owners
and IT departments the flexibility and scalability they need to tailor protection to
the needs of their customers and their businesses
Symantec has made it easy to get started Our popular SSL certificates now include
DSA or ECC algorithms alongside the standard RSA algorithms Integrating the new
algorithms into SSL certificate products provides a convenient way for businesses
to improve and enhance their online security in partnership with the most trusted
Certificate Authority in the world
Enhancing Website Security with Algorithm Agility
More Information
Visit our website
httpgosymanteccomssl-certificates
To speak with a Product Specialist in the US
Call toll-free 1(866) 893-6565 or 1(650) 426-5112
To speak with a Product Specialist outside the US
For specific country offices and contact numbers please visit our website
About Symantec
Symantec is a global leader in providing security storage and systems
management solutions to help consumers and organizations secure and manage
their information-driven world Our software and services protect against more
risks at more points more completely and efficiently enabling confidence
wherever information is used or stored
Symantec Corporation World Headquarters
350 Ellis Street
Mountain View CA 94043 USA
1 (866) 893 6565
wwwsymanteccom
Copyright copy 2013 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates inthe US and other countries VeriSign and other related marks are the trademarks or registered trademarks of VeriSign Inc or its affiliates or subsidiaries in the US and other countries and licensed toSymantec Corporation Other names may be trademarks of their respective owners
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM Managed PKI for SSL
Businesses and organizations of all kinds rely on websites intranets and extranets to exchange confidential information and enable eCommerce For businesses protecting intellectual property as well as customer data in transit is a top priority Just as important consumers need to know that they can trust their online transactions
Secure Sockets Layer (SSL) certificates are used to verify the legitimacy of websites and to encrypt information in transit Managing certificates can be challenging when servers are deployed across various divisions and locations Complexity increases as an organization expands its SSL certificate inventory to keep pace with growth A centralized and flexible solution is needed to simplify the comprehensive management of SSL certificates across the enterprise
Gaining unmatched confidence from a comprehensive solution Symantectrade Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates
Symantectrade Managed PKI for SSL
Key Features and Benefits
Features
bull Capacity to manage thousands of SSL and code-signing certificates
bull Cloud-based console for easy and rapid deployment
bull Delegated administration and role-based access for security and control
bull Instant issuance of certificates on pre-approved domains for rapid response to business needs
bull Option to choose from three different encryption algorithmsmdashRSA ECC and DSA
bull Detailed reports and audit trails for accountability and compliance verification
bull Award-winning support for resolution of issues
Benefits
bull Inspire trust and confidence in customers and stakeholders
bull Select the vendor chosen by 94 of the 100 largest financial institutions worldwide
bull Keep pace with business growth while increasing operational efficiency
Datasheet Symantectrade Managed PKI for SSL
Symantec MPKI for SSL facilitates centralized control and comprehensive lifecycle
management of Symantec SSL and code-signing certificates across the enterprise
Symantectrade Managed PKI for SSL
Protecting data in transit Symantec MPKI for SSL supports a full range of code-signing products and SSL certificates including the following
bull Extended Validation SSL
bull Subject Alternative Name (SAN)
bull Wildcard SSL
bull Intranet certificates
Full algorithm agilityIn addition to the RSA algorithm Symantec MPKI for SSL supports two newly introduced encryption algorithms mdash Elliptic Curve Cryptography (ECC) and Digital
Signature Algorithm (DSA)mdashfor full algorithm agility
Managing SSL certificates in heterogeneous environments Symantec Certificate Intelligence Center (CIC) an add-on option with MPKI for SSL enables advance discovery of all SSL certificates across multiple Certification Authorities (CA)
bull Gain complete visibility into all SSL certificates across your enterprise regardless of the issuing CA
bull Maintain business continuity and prevent unknown certificate expirations by identifying rogue certificates and bringing them under management
bull Increase efficiency with a cloud-based service
Issuing and tracking private intranet certificatesSymantec Private Certification Authority (CA) is a cost-effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards
bull Consolidate the management of public and private certificates
bull Bring an end to unexpected expirations with superior visibility on a single console
bull Avoid the errors and hidden costs often associated with self-signed certificates
bull Maintain compliance by issuing certificates without concern of changing regulations affecting SSL certificates chained to public roots
bull Mitigate security risks by separating roles and responsibilities between administrators and requestors
bull Leverage the validation infrastructure with 100 percent uptime since 2004
bull Take advantage of the robust infrastructure that supports an average of 6 billion Online Certificate Status Protocol (OCSP) lookups every day
bull Manage and control the deployment of SSL certificates and website protection services from a central console
bull Manage the complete SSL certificate lifecycle with delegated administration role-based access and instant issuance of certificates
bull Get up to 24x7 technical assistance with our award-winning support team
Includes Symantec subsidiaries affiliates and resellers (based on Forbes Global 2000 list 2013 and internal customer analysis July 2013)
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
ENH
AN
CIN
G W
EBS
ITE SEC
UR
ITY
WITH
ALG
OR
ITHM
AG
ILITY
Enhancing Website Security with Algorithm Agility
White Paper
Enhancing Website Security with Algorithm Agility
Enhancing Website Security with Algorithm Agility
Contents
Introduction 3
Encryption Today 3
How Algorithms are Changing 4
A Closer Look at the New Algorithms 5
Digital Signature Algorithm (DSA) 5
Elliptic Curve Cryptography (ECC) 5
Algorithm Agility mdash Choosing the Right Algorithm for your Needs 6
Next Steps 7
Conclusion 7
Enhancing Website Security with Algorithm Agility
Introduction
Business owners require flexibility and scalability in their efforts to build trust
and protect online sites and transactions from Hackers Hackers are constantly
developing more sophisticated methods to breach security protections and inflict
damage on a business or its customers
Responsible business owners have long known to protect their online presence
through the use of SSL certificates provided by trusted third party Certification
Authorities (CA) The use of an SSL certificate allows authentication of the web
server the transmission of sensitive information and a recognized and trusted sign
of security to customers SSL Certificates have traditionally relied on encryption
using public and private keys based on the RSA algorithm While these keys remain
secure increasing threats from ever more powerful computers prompted the
National Institute of Standards and Technology (NIST) among others to call for
additional strengthening of online encryption1
With this need for additional security in mind and to ensure that business owners
can customize their protection to the needs of their business Symantec the
most trusted name in SSL Certification2 has introduced algorithm agility as part
of its SSL certification process This means businesses now have the ability to
choose between certificates that provide protection based on the RSA algorithm
on two alternative algorithms ECC and DSA or to generate certificates for all
three to install on a server This flexibility allows business owners to provide a
broader array of encryption options for different circumstances infrastructure and
customer or partner groups
This paper examines algorithm agility how it fits into the current and evolving
security landscape and how your business can enhance online security through a
more flexible scalable approach to SSL certification
Encryption Today
Transport Layer Security (TLS) and its predecessor Secure Socket Layer (SSL)
protocols remains the industry standard for website authentication and protecting
information in transit Used by websites and browsers TLS allows for the
authentication compression and encryption of data passing between a client (end
user) and a server ensuring that hackers cannot access data while it is being sent
Users know that they are accessing a website or page protected by TLS when ldquohttprdquo
in the address line is replaced with ldquohttpsrdquo and a small padlock appears in the
status bar Such secure pages require the use of SSL certification to enable the
encryption of information that is transmitted to or from a secure web server The
vast majority of SSL certificates today rely on keys generated by and signed with
the RSA algorithm
The RSA algorithm remains an effective encryption option However the length of
the keys will continue to grow exponentially Online communities have noted the
ability of hackers using powerful computers to potentially crack keys approaching
1 httpcsrcnistgovpublicationsnistpubs800-131Asp800-131Apdf2 Symantec US Online Consumer Study February 2011
Enhancing Website Security with Algorithm Agility
1024 bits NIST has therefore recommended that by the end of 2013 Certificate
Authorities should not issue any new SSLTLS certificates with RSA public key sizes
smaller than 2048 bits3
At the same time alternative algorithms for encryption and signing have been
adopted by the federal government which has issued guidelines based on Elliptic
Curve Cryptography (ECC) and Digital Signature Algorithms (DSA)4 Already binding
on the Federal Government the new NIST Suite B guidelines and recommendations
are also usually adopted as best practices by commercial businesses
Certificates signed with the RSA algorithm have been in widespread use for many
years but algorithm agility based on the NIST guidelines allows businesses to
choose to implement certificates signed with three different algorithms RSA DSA
and ECC The design of TLS allows different algorithms to work either alone or
side by side so with algorithm agility business owners can choose the public key
algorithm or combination of algorithms that works best for their online presence
and infrastructure
How Algorithms are Changing
While all three public key cryptography systems are secure efficient and
commercially viable they differ in the kind of mathematical problem on which
they are based Not only does this affect how vulnerable they are to brute force
attacks often used by hackers but it can also lead to differences in the size of
the keys generated by the algorithm to provide a certain level of security NIST
provides guidelines for minimum sizes of the different keys according to the level
of security required
Minimum size (bits) of
Public Keys
Key Size
Ratio
Protection
from
Security (bits) DSA RSA ECC ECC to RSADSA Attack
80 1024 1024 160-223 16 Until 2010
112 2048 2048 224-255 19 Until 2030
128 3072 3072 256-383 112 Beyond 2031
192 7680 7680 384-511 120
256 15360 15360 512+ 130
Table 1 National Institute of Standards and Technology Guidelines for Public-Key Sizes
The chart above clearly shows that the size of RSA and DSA keys grows at a
much faster rate than those based on ECC when faced with increasing security
requirements This is important because longer keys require more storage space
more bandwidth to transmit and potentially more processor power and time to
generate the keys encrypt and decrypt with them
3 httpcsrcnistgovpublicationsnistpubs800-131Asp800-131Apdf4 httpcsrcnistgovpublicationsfipsfips186-3fips_186-3pdf
Enhancing Website Security with Algorithm Agility
The RSA algorithm is and is likely to continue to be widely used for some time
and for most TLS Certificates RSA will remain the algorithm of choice for Web
transactions However as security demands increase and use of mobile devices
continues to expand there is a growing need for a more flexible encryption
landscape where business owners can customize the kind of protection they get to
the needs scale and technological configurations of their particular businesses
An increasing number of tablets smart phones and other mobile devices are
driving more traffic onto the web This is great for business but can present
a challenge for the number of total simultaneous connections to a single site
Algorithm agility can provide a scalable solution without sacrificing security
A Closer Look at the New Algorithms
If the options for encryption are expanding what changes are made to the levels
of protection available to businesses and how will algorithm agility the ability to
choose between three different algorithms affect SSL certification
First letrsquos take a closer look at the algorithms
Digital Signature Algorithm (DSA)
DSA is a discrete logarithm system It was developed by the National Security
Agency in 1991 as an alternative to RSA and is the federal standard for digital
signature5 The DSA algorithm provides the same level of protection and
performance as the RSA algorithm for similar key sizes but uses a different
mathematical algorithm for signing and the detection of any alteration to a
transmitted message
Although key sizes are identical to RSA key generation and digital signature using
DSA is faster Key verification is slightly slower
DSA is also compatible with most servers and because it is already a federal
standard using an SSL certificate that supports DSA makes it easier for businesses
to meet the requirements of government contracts
Elliptic Curve Cryptography (ECC)
The NIST Suite B recommendation that Certificate Authorities increase the
minimum key size associated with RSA supported SSL certificates demonstrates
that increasingly sophisticated security threats will drive the requirement for ever
larger RSA keys As Table 1 shows above at a certain point the RSA key size for the
security required simply becomes unwieldy increasing the amount of computing
power bandwidth for transmission and time required for the encryption and
decryption operation Itrsquos still secure but less efficient
Unlike RSA and DSA ECC algorithms are based on elliptic curves over finite fields a
much more difficult mathematical problem for hackers to attack using simple brute
force methods Using RSA and DSA algorithms the defining factor for how secure
the encryption can be is key length
5 httpcsrcnistgovpublicationsfipsfips186-3fips_186-3pdf
Enhancing Website Security with Algorithm Agility
With ECC the nature of the mathematical problem at its core means that as key
size increases its decryption operations become more difficult at a faster rate than
those of RSA This means that a shorter ECC key is more difficult for a hacker to
break than the same length of RSA key and can provide the same or better security
coverage than a much longer RSA key Key sizes for ECC increase linearly instead of
exponentially so as guidelines change their efficiency increases
Algorithm Agility mdash Choosing the Right Algorithm for your Needs
While ECC is already embraced by federal agencies ECC is not ubiquitous in
terms of adoption allowance and availability across all browsers and servers For
businesses this means that ECC may not if used as the only encryption algorithm
be the right solution for your particular mix of hardware and devices
When looking at the customer side ECC is a relatively new technology for mobile
and browsers so it may not yet be easily available to all of your customers If the
customer device or browser does not support a particular algorithm that customer
may not be able to complete a transaction This means that ECC by itself may
not be the best choice for the SSL certificate for by example a retail site where
customers need to feel confident that they can make purchases easily and securely
However a business using multiple certificates DSA and RSA ECC and RSA or all
three at once increases their coverage
Several factors will help you decide which algorithm or combination of algorithms
in your SSL certificate best meets the needs of your business While it is highly
likely that RSA will continue to be used for some time algorithm agility opens up
new options The option to choose SSL certification based on different algorithms
allows business owners to extend their online security easily meet the needs of
government clients and partners and tailor security protection to their business
requirements in a way that has not previously been possible
The first factor for business owners or IT managers to consider is the organizationrsquos
current Web server standards Some web servers can handle RSA DSA or ECC
and can be configured to use all three types of certificate for one domain name
on a single Web server Others can handle RSA or ECC but are limited to only one
certificate per Web server
TLS is also used for encryption between email servers and other services and
the internal tools scaling and architecture for these services would need to be
considered
Second is the tradeoff in speed of authentication between the algorithm types
RSA is faster on the client side of authentication and ECC is faster on the server
side RSA signatures also can be verified faster than ECC signatures The usage
of each key type will depend greatly on the type of transaction intended Factors
to consider here include the processing power of the end device storage space
bandwidth power consumption and how widely the algorithm is adopted by your
customers and their client devices or browsers
Enhancing Website Security with Algorithm Agility
The number of expected connections may also play a factor in decision making
Depending on web server configuration servers may be able to handle more
concurrent connections with an ECC certificate than an RSA certificate An
organization must consider their needed balance between safety user experience
and IT costs in network processing
The last consideration is the identity of your customers or partners DSA and ECC
are embraced by many government agencies and may be required in interactions
with them This could include government contracts and sub-contracts and
information exchanges with governmental branch entities
In a best case scenario an organization would be able to install all three
certificates on their transaction server Configured properly a server could then
accept any request from an end point avoiding risk and providing 100 client
coverage
Next Steps
In order for customers to truly realize all of the benefits of the enhanced security
offered by new algorithms DSA and ECC support will have to become more
widespread especially in the mobile environment that is processing more and
more of our daily online life
This may also lead to changes in the visual cues we are accustomed to on web
browsers As yet there is no standard for mobile or tablet browsers equivalent to
the trusted HTTPS and padlock indicators as well as the Extended Validation green
bar we now see on web browsers
In the meantime Symantecrsquos algorithm agility approach provides businesses with
an easy and effective transition Symantec customers now have the option to
choose SSL certificates that use both the traditional RSA algorithm and either DSA
or ECC algorithms for enhanced security
Conclusion
Security demands will increase and hacker attempts will become more
sophisticated and powerful but security measures are improving alongside the
threats Algorithm agility will be of increasing value to businesses allowing owners
and IT departments the flexibility and scalability they need to tailor protection to
the needs of their customers and their businesses
Symantec has made it easy to get started Our popular SSL certificates now include
DSA or ECC algorithms alongside the standard RSA algorithms Integrating the new
algorithms into SSL certificate products provides a convenient way for businesses
to improve and enhance their online security in partnership with the most trusted
Certificate Authority in the world
Enhancing Website Security with Algorithm Agility
More Information
Visit our website
httpgosymanteccomssl-certificates
To speak with a Product Specialist in the US
Call toll-free 1(866) 893-6565 or 1(650) 426-5112
To speak with a Product Specialist outside the US
For specific country offices and contact numbers please visit our website
About Symantec
Symantec is a global leader in providing security storage and systems
management solutions to help consumers and organizations secure and manage
their information-driven world Our software and services protect against more
risks at more points more completely and efficiently enabling confidence
wherever information is used or stored
Symantec Corporation World Headquarters
350 Ellis Street
Mountain View CA 94043 USA
1 (866) 893 6565
wwwsymanteccom
Copyright copy 2013 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates inthe US and other countries VeriSign and other related marks are the trademarks or registered trademarks of VeriSign Inc or its affiliates or subsidiaries in the US and other countries and licensed toSymantec Corporation Other names may be trademarks of their respective owners
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM Managed PKI for SSL
Businesses and organizations of all kinds rely on websites intranets and extranets to exchange confidential information and enable eCommerce For businesses protecting intellectual property as well as customer data in transit is a top priority Just as important consumers need to know that they can trust their online transactions
Secure Sockets Layer (SSL) certificates are used to verify the legitimacy of websites and to encrypt information in transit Managing certificates can be challenging when servers are deployed across various divisions and locations Complexity increases as an organization expands its SSL certificate inventory to keep pace with growth A centralized and flexible solution is needed to simplify the comprehensive management of SSL certificates across the enterprise
Gaining unmatched confidence from a comprehensive solution Symantectrade Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates
Symantectrade Managed PKI for SSL
Key Features and Benefits
Features
bull Capacity to manage thousands of SSL and code-signing certificates
bull Cloud-based console for easy and rapid deployment
bull Delegated administration and role-based access for security and control
bull Instant issuance of certificates on pre-approved domains for rapid response to business needs
bull Option to choose from three different encryption algorithmsmdashRSA ECC and DSA
bull Detailed reports and audit trails for accountability and compliance verification
bull Award-winning support for resolution of issues
Benefits
bull Inspire trust and confidence in customers and stakeholders
bull Select the vendor chosen by 94 of the 100 largest financial institutions worldwide
bull Keep pace with business growth while increasing operational efficiency
Datasheet Symantectrade Managed PKI for SSL
Symantec MPKI for SSL facilitates centralized control and comprehensive lifecycle
management of Symantec SSL and code-signing certificates across the enterprise
Symantectrade Managed PKI for SSL
Protecting data in transit Symantec MPKI for SSL supports a full range of code-signing products and SSL certificates including the following
bull Extended Validation SSL
bull Subject Alternative Name (SAN)
bull Wildcard SSL
bull Intranet certificates
Full algorithm agilityIn addition to the RSA algorithm Symantec MPKI for SSL supports two newly introduced encryption algorithms mdash Elliptic Curve Cryptography (ECC) and Digital
Signature Algorithm (DSA)mdashfor full algorithm agility
Managing SSL certificates in heterogeneous environments Symantec Certificate Intelligence Center (CIC) an add-on option with MPKI for SSL enables advance discovery of all SSL certificates across multiple Certification Authorities (CA)
bull Gain complete visibility into all SSL certificates across your enterprise regardless of the issuing CA
bull Maintain business continuity and prevent unknown certificate expirations by identifying rogue certificates and bringing them under management
bull Increase efficiency with a cloud-based service
Issuing and tracking private intranet certificatesSymantec Private Certification Authority (CA) is a cost-effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards
bull Consolidate the management of public and private certificates
bull Bring an end to unexpected expirations with superior visibility on a single console
bull Avoid the errors and hidden costs often associated with self-signed certificates
bull Maintain compliance by issuing certificates without concern of changing regulations affecting SSL certificates chained to public roots
bull Mitigate security risks by separating roles and responsibilities between administrators and requestors
bull Leverage the validation infrastructure with 100 percent uptime since 2004
bull Take advantage of the robust infrastructure that supports an average of 6 billion Online Certificate Status Protocol (OCSP) lookups every day
bull Manage and control the deployment of SSL certificates and website protection services from a central console
bull Manage the complete SSL certificate lifecycle with delegated administration role-based access and instant issuance of certificates
bull Get up to 24x7 technical assistance with our award-winning support team
Includes Symantec subsidiaries affiliates and resellers (based on Forbes Global 2000 list 2013 and internal customer analysis July 2013)
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Enhancing Website Security with Algorithm Agility
Enhancing Website Security with Algorithm Agility
Contents
Introduction 3
Encryption Today 3
How Algorithms are Changing 4
A Closer Look at the New Algorithms 5
Digital Signature Algorithm (DSA) 5
Elliptic Curve Cryptography (ECC) 5
Algorithm Agility mdash Choosing the Right Algorithm for your Needs 6
Next Steps 7
Conclusion 7
Enhancing Website Security with Algorithm Agility
Introduction
Business owners require flexibility and scalability in their efforts to build trust
and protect online sites and transactions from Hackers Hackers are constantly
developing more sophisticated methods to breach security protections and inflict
damage on a business or its customers
Responsible business owners have long known to protect their online presence
through the use of SSL certificates provided by trusted third party Certification
Authorities (CA) The use of an SSL certificate allows authentication of the web
server the transmission of sensitive information and a recognized and trusted sign
of security to customers SSL Certificates have traditionally relied on encryption
using public and private keys based on the RSA algorithm While these keys remain
secure increasing threats from ever more powerful computers prompted the
National Institute of Standards and Technology (NIST) among others to call for
additional strengthening of online encryption1
With this need for additional security in mind and to ensure that business owners
can customize their protection to the needs of their business Symantec the
most trusted name in SSL Certification2 has introduced algorithm agility as part
of its SSL certification process This means businesses now have the ability to
choose between certificates that provide protection based on the RSA algorithm
on two alternative algorithms ECC and DSA or to generate certificates for all
three to install on a server This flexibility allows business owners to provide a
broader array of encryption options for different circumstances infrastructure and
customer or partner groups
This paper examines algorithm agility how it fits into the current and evolving
security landscape and how your business can enhance online security through a
more flexible scalable approach to SSL certification
Encryption Today
Transport Layer Security (TLS) and its predecessor Secure Socket Layer (SSL)
protocols remains the industry standard for website authentication and protecting
information in transit Used by websites and browsers TLS allows for the
authentication compression and encryption of data passing between a client (end
user) and a server ensuring that hackers cannot access data while it is being sent
Users know that they are accessing a website or page protected by TLS when ldquohttprdquo
in the address line is replaced with ldquohttpsrdquo and a small padlock appears in the
status bar Such secure pages require the use of SSL certification to enable the
encryption of information that is transmitted to or from a secure web server The
vast majority of SSL certificates today rely on keys generated by and signed with
the RSA algorithm
The RSA algorithm remains an effective encryption option However the length of
the keys will continue to grow exponentially Online communities have noted the
ability of hackers using powerful computers to potentially crack keys approaching
1 httpcsrcnistgovpublicationsnistpubs800-131Asp800-131Apdf2 Symantec US Online Consumer Study February 2011
Enhancing Website Security with Algorithm Agility
1024 bits NIST has therefore recommended that by the end of 2013 Certificate
Authorities should not issue any new SSLTLS certificates with RSA public key sizes
smaller than 2048 bits3
At the same time alternative algorithms for encryption and signing have been
adopted by the federal government which has issued guidelines based on Elliptic
Curve Cryptography (ECC) and Digital Signature Algorithms (DSA)4 Already binding
on the Federal Government the new NIST Suite B guidelines and recommendations
are also usually adopted as best practices by commercial businesses
Certificates signed with the RSA algorithm have been in widespread use for many
years but algorithm agility based on the NIST guidelines allows businesses to
choose to implement certificates signed with three different algorithms RSA DSA
and ECC The design of TLS allows different algorithms to work either alone or
side by side so with algorithm agility business owners can choose the public key
algorithm or combination of algorithms that works best for their online presence
and infrastructure
How Algorithms are Changing
While all three public key cryptography systems are secure efficient and
commercially viable they differ in the kind of mathematical problem on which
they are based Not only does this affect how vulnerable they are to brute force
attacks often used by hackers but it can also lead to differences in the size of
the keys generated by the algorithm to provide a certain level of security NIST
provides guidelines for minimum sizes of the different keys according to the level
of security required
Minimum size (bits) of
Public Keys
Key Size
Ratio
Protection
from
Security (bits) DSA RSA ECC ECC to RSADSA Attack
80 1024 1024 160-223 16 Until 2010
112 2048 2048 224-255 19 Until 2030
128 3072 3072 256-383 112 Beyond 2031
192 7680 7680 384-511 120
256 15360 15360 512+ 130
Table 1 National Institute of Standards and Technology Guidelines for Public-Key Sizes
The chart above clearly shows that the size of RSA and DSA keys grows at a
much faster rate than those based on ECC when faced with increasing security
requirements This is important because longer keys require more storage space
more bandwidth to transmit and potentially more processor power and time to
generate the keys encrypt and decrypt with them
3 httpcsrcnistgovpublicationsnistpubs800-131Asp800-131Apdf4 httpcsrcnistgovpublicationsfipsfips186-3fips_186-3pdf
Enhancing Website Security with Algorithm Agility
The RSA algorithm is and is likely to continue to be widely used for some time
and for most TLS Certificates RSA will remain the algorithm of choice for Web
transactions However as security demands increase and use of mobile devices
continues to expand there is a growing need for a more flexible encryption
landscape where business owners can customize the kind of protection they get to
the needs scale and technological configurations of their particular businesses
An increasing number of tablets smart phones and other mobile devices are
driving more traffic onto the web This is great for business but can present
a challenge for the number of total simultaneous connections to a single site
Algorithm agility can provide a scalable solution without sacrificing security
A Closer Look at the New Algorithms
If the options for encryption are expanding what changes are made to the levels
of protection available to businesses and how will algorithm agility the ability to
choose between three different algorithms affect SSL certification
First letrsquos take a closer look at the algorithms
Digital Signature Algorithm (DSA)
DSA is a discrete logarithm system It was developed by the National Security
Agency in 1991 as an alternative to RSA and is the federal standard for digital
signature5 The DSA algorithm provides the same level of protection and
performance as the RSA algorithm for similar key sizes but uses a different
mathematical algorithm for signing and the detection of any alteration to a
transmitted message
Although key sizes are identical to RSA key generation and digital signature using
DSA is faster Key verification is slightly slower
DSA is also compatible with most servers and because it is already a federal
standard using an SSL certificate that supports DSA makes it easier for businesses
to meet the requirements of government contracts
Elliptic Curve Cryptography (ECC)
The NIST Suite B recommendation that Certificate Authorities increase the
minimum key size associated with RSA supported SSL certificates demonstrates
that increasingly sophisticated security threats will drive the requirement for ever
larger RSA keys As Table 1 shows above at a certain point the RSA key size for the
security required simply becomes unwieldy increasing the amount of computing
power bandwidth for transmission and time required for the encryption and
decryption operation Itrsquos still secure but less efficient
Unlike RSA and DSA ECC algorithms are based on elliptic curves over finite fields a
much more difficult mathematical problem for hackers to attack using simple brute
force methods Using RSA and DSA algorithms the defining factor for how secure
the encryption can be is key length
5 httpcsrcnistgovpublicationsfipsfips186-3fips_186-3pdf
Enhancing Website Security with Algorithm Agility
With ECC the nature of the mathematical problem at its core means that as key
size increases its decryption operations become more difficult at a faster rate than
those of RSA This means that a shorter ECC key is more difficult for a hacker to
break than the same length of RSA key and can provide the same or better security
coverage than a much longer RSA key Key sizes for ECC increase linearly instead of
exponentially so as guidelines change their efficiency increases
Algorithm Agility mdash Choosing the Right Algorithm for your Needs
While ECC is already embraced by federal agencies ECC is not ubiquitous in
terms of adoption allowance and availability across all browsers and servers For
businesses this means that ECC may not if used as the only encryption algorithm
be the right solution for your particular mix of hardware and devices
When looking at the customer side ECC is a relatively new technology for mobile
and browsers so it may not yet be easily available to all of your customers If the
customer device or browser does not support a particular algorithm that customer
may not be able to complete a transaction This means that ECC by itself may
not be the best choice for the SSL certificate for by example a retail site where
customers need to feel confident that they can make purchases easily and securely
However a business using multiple certificates DSA and RSA ECC and RSA or all
three at once increases their coverage
Several factors will help you decide which algorithm or combination of algorithms
in your SSL certificate best meets the needs of your business While it is highly
likely that RSA will continue to be used for some time algorithm agility opens up
new options The option to choose SSL certification based on different algorithms
allows business owners to extend their online security easily meet the needs of
government clients and partners and tailor security protection to their business
requirements in a way that has not previously been possible
The first factor for business owners or IT managers to consider is the organizationrsquos
current Web server standards Some web servers can handle RSA DSA or ECC
and can be configured to use all three types of certificate for one domain name
on a single Web server Others can handle RSA or ECC but are limited to only one
certificate per Web server
TLS is also used for encryption between email servers and other services and
the internal tools scaling and architecture for these services would need to be
considered
Second is the tradeoff in speed of authentication between the algorithm types
RSA is faster on the client side of authentication and ECC is faster on the server
side RSA signatures also can be verified faster than ECC signatures The usage
of each key type will depend greatly on the type of transaction intended Factors
to consider here include the processing power of the end device storage space
bandwidth power consumption and how widely the algorithm is adopted by your
customers and their client devices or browsers
Enhancing Website Security with Algorithm Agility
The number of expected connections may also play a factor in decision making
Depending on web server configuration servers may be able to handle more
concurrent connections with an ECC certificate than an RSA certificate An
organization must consider their needed balance between safety user experience
and IT costs in network processing
The last consideration is the identity of your customers or partners DSA and ECC
are embraced by many government agencies and may be required in interactions
with them This could include government contracts and sub-contracts and
information exchanges with governmental branch entities
In a best case scenario an organization would be able to install all three
certificates on their transaction server Configured properly a server could then
accept any request from an end point avoiding risk and providing 100 client
coverage
Next Steps
In order for customers to truly realize all of the benefits of the enhanced security
offered by new algorithms DSA and ECC support will have to become more
widespread especially in the mobile environment that is processing more and
more of our daily online life
This may also lead to changes in the visual cues we are accustomed to on web
browsers As yet there is no standard for mobile or tablet browsers equivalent to
the trusted HTTPS and padlock indicators as well as the Extended Validation green
bar we now see on web browsers
In the meantime Symantecrsquos algorithm agility approach provides businesses with
an easy and effective transition Symantec customers now have the option to
choose SSL certificates that use both the traditional RSA algorithm and either DSA
or ECC algorithms for enhanced security
Conclusion
Security demands will increase and hacker attempts will become more
sophisticated and powerful but security measures are improving alongside the
threats Algorithm agility will be of increasing value to businesses allowing owners
and IT departments the flexibility and scalability they need to tailor protection to
the needs of their customers and their businesses
Symantec has made it easy to get started Our popular SSL certificates now include
DSA or ECC algorithms alongside the standard RSA algorithms Integrating the new
algorithms into SSL certificate products provides a convenient way for businesses
to improve and enhance their online security in partnership with the most trusted
Certificate Authority in the world
Enhancing Website Security with Algorithm Agility
More Information
Visit our website
httpgosymanteccomssl-certificates
To speak with a Product Specialist in the US
Call toll-free 1(866) 893-6565 or 1(650) 426-5112
To speak with a Product Specialist outside the US
For specific country offices and contact numbers please visit our website
About Symantec
Symantec is a global leader in providing security storage and systems
management solutions to help consumers and organizations secure and manage
their information-driven world Our software and services protect against more
risks at more points more completely and efficiently enabling confidence
wherever information is used or stored
Symantec Corporation World Headquarters
350 Ellis Street
Mountain View CA 94043 USA
1 (866) 893 6565
wwwsymanteccom
Copyright copy 2013 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates inthe US and other countries VeriSign and other related marks are the trademarks or registered trademarks of VeriSign Inc or its affiliates or subsidiaries in the US and other countries and licensed toSymantec Corporation Other names may be trademarks of their respective owners
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM Managed PKI for SSL
Businesses and organizations of all kinds rely on websites intranets and extranets to exchange confidential information and enable eCommerce For businesses protecting intellectual property as well as customer data in transit is a top priority Just as important consumers need to know that they can trust their online transactions
Secure Sockets Layer (SSL) certificates are used to verify the legitimacy of websites and to encrypt information in transit Managing certificates can be challenging when servers are deployed across various divisions and locations Complexity increases as an organization expands its SSL certificate inventory to keep pace with growth A centralized and flexible solution is needed to simplify the comprehensive management of SSL certificates across the enterprise
Gaining unmatched confidence from a comprehensive solution Symantectrade Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates
Symantectrade Managed PKI for SSL
Key Features and Benefits
Features
bull Capacity to manage thousands of SSL and code-signing certificates
bull Cloud-based console for easy and rapid deployment
bull Delegated administration and role-based access for security and control
bull Instant issuance of certificates on pre-approved domains for rapid response to business needs
bull Option to choose from three different encryption algorithmsmdashRSA ECC and DSA
bull Detailed reports and audit trails for accountability and compliance verification
bull Award-winning support for resolution of issues
Benefits
bull Inspire trust and confidence in customers and stakeholders
bull Select the vendor chosen by 94 of the 100 largest financial institutions worldwide
bull Keep pace with business growth while increasing operational efficiency
Datasheet Symantectrade Managed PKI for SSL
Symantec MPKI for SSL facilitates centralized control and comprehensive lifecycle
management of Symantec SSL and code-signing certificates across the enterprise
Symantectrade Managed PKI for SSL
Protecting data in transit Symantec MPKI for SSL supports a full range of code-signing products and SSL certificates including the following
bull Extended Validation SSL
bull Subject Alternative Name (SAN)
bull Wildcard SSL
bull Intranet certificates
Full algorithm agilityIn addition to the RSA algorithm Symantec MPKI for SSL supports two newly introduced encryption algorithms mdash Elliptic Curve Cryptography (ECC) and Digital
Signature Algorithm (DSA)mdashfor full algorithm agility
Managing SSL certificates in heterogeneous environments Symantec Certificate Intelligence Center (CIC) an add-on option with MPKI for SSL enables advance discovery of all SSL certificates across multiple Certification Authorities (CA)
bull Gain complete visibility into all SSL certificates across your enterprise regardless of the issuing CA
bull Maintain business continuity and prevent unknown certificate expirations by identifying rogue certificates and bringing them under management
bull Increase efficiency with a cloud-based service
Issuing and tracking private intranet certificatesSymantec Private Certification Authority (CA) is a cost-effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards
bull Consolidate the management of public and private certificates
bull Bring an end to unexpected expirations with superior visibility on a single console
bull Avoid the errors and hidden costs often associated with self-signed certificates
bull Maintain compliance by issuing certificates without concern of changing regulations affecting SSL certificates chained to public roots
bull Mitigate security risks by separating roles and responsibilities between administrators and requestors
bull Leverage the validation infrastructure with 100 percent uptime since 2004
bull Take advantage of the robust infrastructure that supports an average of 6 billion Online Certificate Status Protocol (OCSP) lookups every day
bull Manage and control the deployment of SSL certificates and website protection services from a central console
bull Manage the complete SSL certificate lifecycle with delegated administration role-based access and instant issuance of certificates
bull Get up to 24x7 technical assistance with our award-winning support team
Includes Symantec subsidiaries affiliates and resellers (based on Forbes Global 2000 list 2013 and internal customer analysis July 2013)
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Enhancing Website Security with Algorithm Agility
Introduction
Business owners require flexibility and scalability in their efforts to build trust
and protect online sites and transactions from Hackers Hackers are constantly
developing more sophisticated methods to breach security protections and inflict
damage on a business or its customers
Responsible business owners have long known to protect their online presence
through the use of SSL certificates provided by trusted third party Certification
Authorities (CA) The use of an SSL certificate allows authentication of the web
server the transmission of sensitive information and a recognized and trusted sign
of security to customers SSL Certificates have traditionally relied on encryption
using public and private keys based on the RSA algorithm While these keys remain
secure increasing threats from ever more powerful computers prompted the
National Institute of Standards and Technology (NIST) among others to call for
additional strengthening of online encryption1
With this need for additional security in mind and to ensure that business owners
can customize their protection to the needs of their business Symantec the
most trusted name in SSL Certification2 has introduced algorithm agility as part
of its SSL certification process This means businesses now have the ability to
choose between certificates that provide protection based on the RSA algorithm
on two alternative algorithms ECC and DSA or to generate certificates for all
three to install on a server This flexibility allows business owners to provide a
broader array of encryption options for different circumstances infrastructure and
customer or partner groups
This paper examines algorithm agility how it fits into the current and evolving
security landscape and how your business can enhance online security through a
more flexible scalable approach to SSL certification
Encryption Today
Transport Layer Security (TLS) and its predecessor Secure Socket Layer (SSL)
protocols remains the industry standard for website authentication and protecting
information in transit Used by websites and browsers TLS allows for the
authentication compression and encryption of data passing between a client (end
user) and a server ensuring that hackers cannot access data while it is being sent
Users know that they are accessing a website or page protected by TLS when ldquohttprdquo
in the address line is replaced with ldquohttpsrdquo and a small padlock appears in the
status bar Such secure pages require the use of SSL certification to enable the
encryption of information that is transmitted to or from a secure web server The
vast majority of SSL certificates today rely on keys generated by and signed with
the RSA algorithm
The RSA algorithm remains an effective encryption option However the length of
the keys will continue to grow exponentially Online communities have noted the
ability of hackers using powerful computers to potentially crack keys approaching
1 httpcsrcnistgovpublicationsnistpubs800-131Asp800-131Apdf2 Symantec US Online Consumer Study February 2011
Enhancing Website Security with Algorithm Agility
1024 bits NIST has therefore recommended that by the end of 2013 Certificate
Authorities should not issue any new SSLTLS certificates with RSA public key sizes
smaller than 2048 bits3
At the same time alternative algorithms for encryption and signing have been
adopted by the federal government which has issued guidelines based on Elliptic
Curve Cryptography (ECC) and Digital Signature Algorithms (DSA)4 Already binding
on the Federal Government the new NIST Suite B guidelines and recommendations
are also usually adopted as best practices by commercial businesses
Certificates signed with the RSA algorithm have been in widespread use for many
years but algorithm agility based on the NIST guidelines allows businesses to
choose to implement certificates signed with three different algorithms RSA DSA
and ECC The design of TLS allows different algorithms to work either alone or
side by side so with algorithm agility business owners can choose the public key
algorithm or combination of algorithms that works best for their online presence
and infrastructure
How Algorithms are Changing
While all three public key cryptography systems are secure efficient and
commercially viable they differ in the kind of mathematical problem on which
they are based Not only does this affect how vulnerable they are to brute force
attacks often used by hackers but it can also lead to differences in the size of
the keys generated by the algorithm to provide a certain level of security NIST
provides guidelines for minimum sizes of the different keys according to the level
of security required
Minimum size (bits) of
Public Keys
Key Size
Ratio
Protection
from
Security (bits) DSA RSA ECC ECC to RSADSA Attack
80 1024 1024 160-223 16 Until 2010
112 2048 2048 224-255 19 Until 2030
128 3072 3072 256-383 112 Beyond 2031
192 7680 7680 384-511 120
256 15360 15360 512+ 130
Table 1 National Institute of Standards and Technology Guidelines for Public-Key Sizes
The chart above clearly shows that the size of RSA and DSA keys grows at a
much faster rate than those based on ECC when faced with increasing security
requirements This is important because longer keys require more storage space
more bandwidth to transmit and potentially more processor power and time to
generate the keys encrypt and decrypt with them
3 httpcsrcnistgovpublicationsnistpubs800-131Asp800-131Apdf4 httpcsrcnistgovpublicationsfipsfips186-3fips_186-3pdf
Enhancing Website Security with Algorithm Agility
The RSA algorithm is and is likely to continue to be widely used for some time
and for most TLS Certificates RSA will remain the algorithm of choice for Web
transactions However as security demands increase and use of mobile devices
continues to expand there is a growing need for a more flexible encryption
landscape where business owners can customize the kind of protection they get to
the needs scale and technological configurations of their particular businesses
An increasing number of tablets smart phones and other mobile devices are
driving more traffic onto the web This is great for business but can present
a challenge for the number of total simultaneous connections to a single site
Algorithm agility can provide a scalable solution without sacrificing security
A Closer Look at the New Algorithms
If the options for encryption are expanding what changes are made to the levels
of protection available to businesses and how will algorithm agility the ability to
choose between three different algorithms affect SSL certification
First letrsquos take a closer look at the algorithms
Digital Signature Algorithm (DSA)
DSA is a discrete logarithm system It was developed by the National Security
Agency in 1991 as an alternative to RSA and is the federal standard for digital
signature5 The DSA algorithm provides the same level of protection and
performance as the RSA algorithm for similar key sizes but uses a different
mathematical algorithm for signing and the detection of any alteration to a
transmitted message
Although key sizes are identical to RSA key generation and digital signature using
DSA is faster Key verification is slightly slower
DSA is also compatible with most servers and because it is already a federal
standard using an SSL certificate that supports DSA makes it easier for businesses
to meet the requirements of government contracts
Elliptic Curve Cryptography (ECC)
The NIST Suite B recommendation that Certificate Authorities increase the
minimum key size associated with RSA supported SSL certificates demonstrates
that increasingly sophisticated security threats will drive the requirement for ever
larger RSA keys As Table 1 shows above at a certain point the RSA key size for the
security required simply becomes unwieldy increasing the amount of computing
power bandwidth for transmission and time required for the encryption and
decryption operation Itrsquos still secure but less efficient
Unlike RSA and DSA ECC algorithms are based on elliptic curves over finite fields a
much more difficult mathematical problem for hackers to attack using simple brute
force methods Using RSA and DSA algorithms the defining factor for how secure
the encryption can be is key length
5 httpcsrcnistgovpublicationsfipsfips186-3fips_186-3pdf
Enhancing Website Security with Algorithm Agility
With ECC the nature of the mathematical problem at its core means that as key
size increases its decryption operations become more difficult at a faster rate than
those of RSA This means that a shorter ECC key is more difficult for a hacker to
break than the same length of RSA key and can provide the same or better security
coverage than a much longer RSA key Key sizes for ECC increase linearly instead of
exponentially so as guidelines change their efficiency increases
Algorithm Agility mdash Choosing the Right Algorithm for your Needs
While ECC is already embraced by federal agencies ECC is not ubiquitous in
terms of adoption allowance and availability across all browsers and servers For
businesses this means that ECC may not if used as the only encryption algorithm
be the right solution for your particular mix of hardware and devices
When looking at the customer side ECC is a relatively new technology for mobile
and browsers so it may not yet be easily available to all of your customers If the
customer device or browser does not support a particular algorithm that customer
may not be able to complete a transaction This means that ECC by itself may
not be the best choice for the SSL certificate for by example a retail site where
customers need to feel confident that they can make purchases easily and securely
However a business using multiple certificates DSA and RSA ECC and RSA or all
three at once increases their coverage
Several factors will help you decide which algorithm or combination of algorithms
in your SSL certificate best meets the needs of your business While it is highly
likely that RSA will continue to be used for some time algorithm agility opens up
new options The option to choose SSL certification based on different algorithms
allows business owners to extend their online security easily meet the needs of
government clients and partners and tailor security protection to their business
requirements in a way that has not previously been possible
The first factor for business owners or IT managers to consider is the organizationrsquos
current Web server standards Some web servers can handle RSA DSA or ECC
and can be configured to use all three types of certificate for one domain name
on a single Web server Others can handle RSA or ECC but are limited to only one
certificate per Web server
TLS is also used for encryption between email servers and other services and
the internal tools scaling and architecture for these services would need to be
considered
Second is the tradeoff in speed of authentication between the algorithm types
RSA is faster on the client side of authentication and ECC is faster on the server
side RSA signatures also can be verified faster than ECC signatures The usage
of each key type will depend greatly on the type of transaction intended Factors
to consider here include the processing power of the end device storage space
bandwidth power consumption and how widely the algorithm is adopted by your
customers and their client devices or browsers
Enhancing Website Security with Algorithm Agility
The number of expected connections may also play a factor in decision making
Depending on web server configuration servers may be able to handle more
concurrent connections with an ECC certificate than an RSA certificate An
organization must consider their needed balance between safety user experience
and IT costs in network processing
The last consideration is the identity of your customers or partners DSA and ECC
are embraced by many government agencies and may be required in interactions
with them This could include government contracts and sub-contracts and
information exchanges with governmental branch entities
In a best case scenario an organization would be able to install all three
certificates on their transaction server Configured properly a server could then
accept any request from an end point avoiding risk and providing 100 client
coverage
Next Steps
In order for customers to truly realize all of the benefits of the enhanced security
offered by new algorithms DSA and ECC support will have to become more
widespread especially in the mobile environment that is processing more and
more of our daily online life
This may also lead to changes in the visual cues we are accustomed to on web
browsers As yet there is no standard for mobile or tablet browsers equivalent to
the trusted HTTPS and padlock indicators as well as the Extended Validation green
bar we now see on web browsers
In the meantime Symantecrsquos algorithm agility approach provides businesses with
an easy and effective transition Symantec customers now have the option to
choose SSL certificates that use both the traditional RSA algorithm and either DSA
or ECC algorithms for enhanced security
Conclusion
Security demands will increase and hacker attempts will become more
sophisticated and powerful but security measures are improving alongside the
threats Algorithm agility will be of increasing value to businesses allowing owners
and IT departments the flexibility and scalability they need to tailor protection to
the needs of their customers and their businesses
Symantec has made it easy to get started Our popular SSL certificates now include
DSA or ECC algorithms alongside the standard RSA algorithms Integrating the new
algorithms into SSL certificate products provides a convenient way for businesses
to improve and enhance their online security in partnership with the most trusted
Certificate Authority in the world
Enhancing Website Security with Algorithm Agility
More Information
Visit our website
httpgosymanteccomssl-certificates
To speak with a Product Specialist in the US
Call toll-free 1(866) 893-6565 or 1(650) 426-5112
To speak with a Product Specialist outside the US
For specific country offices and contact numbers please visit our website
About Symantec
Symantec is a global leader in providing security storage and systems
management solutions to help consumers and organizations secure and manage
their information-driven world Our software and services protect against more
risks at more points more completely and efficiently enabling confidence
wherever information is used or stored
Symantec Corporation World Headquarters
350 Ellis Street
Mountain View CA 94043 USA
1 (866) 893 6565
wwwsymanteccom
Copyright copy 2013 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates inthe US and other countries VeriSign and other related marks are the trademarks or registered trademarks of VeriSign Inc or its affiliates or subsidiaries in the US and other countries and licensed toSymantec Corporation Other names may be trademarks of their respective owners
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM Managed PKI for SSL
Businesses and organizations of all kinds rely on websites intranets and extranets to exchange confidential information and enable eCommerce For businesses protecting intellectual property as well as customer data in transit is a top priority Just as important consumers need to know that they can trust their online transactions
Secure Sockets Layer (SSL) certificates are used to verify the legitimacy of websites and to encrypt information in transit Managing certificates can be challenging when servers are deployed across various divisions and locations Complexity increases as an organization expands its SSL certificate inventory to keep pace with growth A centralized and flexible solution is needed to simplify the comprehensive management of SSL certificates across the enterprise
Gaining unmatched confidence from a comprehensive solution Symantectrade Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates
Symantectrade Managed PKI for SSL
Key Features and Benefits
Features
bull Capacity to manage thousands of SSL and code-signing certificates
bull Cloud-based console for easy and rapid deployment
bull Delegated administration and role-based access for security and control
bull Instant issuance of certificates on pre-approved domains for rapid response to business needs
bull Option to choose from three different encryption algorithmsmdashRSA ECC and DSA
bull Detailed reports and audit trails for accountability and compliance verification
bull Award-winning support for resolution of issues
Benefits
bull Inspire trust and confidence in customers and stakeholders
bull Select the vendor chosen by 94 of the 100 largest financial institutions worldwide
bull Keep pace with business growth while increasing operational efficiency
Datasheet Symantectrade Managed PKI for SSL
Symantec MPKI for SSL facilitates centralized control and comprehensive lifecycle
management of Symantec SSL and code-signing certificates across the enterprise
Symantectrade Managed PKI for SSL
Protecting data in transit Symantec MPKI for SSL supports a full range of code-signing products and SSL certificates including the following
bull Extended Validation SSL
bull Subject Alternative Name (SAN)
bull Wildcard SSL
bull Intranet certificates
Full algorithm agilityIn addition to the RSA algorithm Symantec MPKI for SSL supports two newly introduced encryption algorithms mdash Elliptic Curve Cryptography (ECC) and Digital
Signature Algorithm (DSA)mdashfor full algorithm agility
Managing SSL certificates in heterogeneous environments Symantec Certificate Intelligence Center (CIC) an add-on option with MPKI for SSL enables advance discovery of all SSL certificates across multiple Certification Authorities (CA)
bull Gain complete visibility into all SSL certificates across your enterprise regardless of the issuing CA
bull Maintain business continuity and prevent unknown certificate expirations by identifying rogue certificates and bringing them under management
bull Increase efficiency with a cloud-based service
Issuing and tracking private intranet certificatesSymantec Private Certification Authority (CA) is a cost-effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards
bull Consolidate the management of public and private certificates
bull Bring an end to unexpected expirations with superior visibility on a single console
bull Avoid the errors and hidden costs often associated with self-signed certificates
bull Maintain compliance by issuing certificates without concern of changing regulations affecting SSL certificates chained to public roots
bull Mitigate security risks by separating roles and responsibilities between administrators and requestors
bull Leverage the validation infrastructure with 100 percent uptime since 2004
bull Take advantage of the robust infrastructure that supports an average of 6 billion Online Certificate Status Protocol (OCSP) lookups every day
bull Manage and control the deployment of SSL certificates and website protection services from a central console
bull Manage the complete SSL certificate lifecycle with delegated administration role-based access and instant issuance of certificates
bull Get up to 24x7 technical assistance with our award-winning support team
Includes Symantec subsidiaries affiliates and resellers (based on Forbes Global 2000 list 2013 and internal customer analysis July 2013)
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Enhancing Website Security with Algorithm Agility
1024 bits NIST has therefore recommended that by the end of 2013 Certificate
Authorities should not issue any new SSLTLS certificates with RSA public key sizes
smaller than 2048 bits3
At the same time alternative algorithms for encryption and signing have been
adopted by the federal government which has issued guidelines based on Elliptic
Curve Cryptography (ECC) and Digital Signature Algorithms (DSA)4 Already binding
on the Federal Government the new NIST Suite B guidelines and recommendations
are also usually adopted as best practices by commercial businesses
Certificates signed with the RSA algorithm have been in widespread use for many
years but algorithm agility based on the NIST guidelines allows businesses to
choose to implement certificates signed with three different algorithms RSA DSA
and ECC The design of TLS allows different algorithms to work either alone or
side by side so with algorithm agility business owners can choose the public key
algorithm or combination of algorithms that works best for their online presence
and infrastructure
How Algorithms are Changing
While all three public key cryptography systems are secure efficient and
commercially viable they differ in the kind of mathematical problem on which
they are based Not only does this affect how vulnerable they are to brute force
attacks often used by hackers but it can also lead to differences in the size of
the keys generated by the algorithm to provide a certain level of security NIST
provides guidelines for minimum sizes of the different keys according to the level
of security required
Minimum size (bits) of
Public Keys
Key Size
Ratio
Protection
from
Security (bits) DSA RSA ECC ECC to RSADSA Attack
80 1024 1024 160-223 16 Until 2010
112 2048 2048 224-255 19 Until 2030
128 3072 3072 256-383 112 Beyond 2031
192 7680 7680 384-511 120
256 15360 15360 512+ 130
Table 1 National Institute of Standards and Technology Guidelines for Public-Key Sizes
The chart above clearly shows that the size of RSA and DSA keys grows at a
much faster rate than those based on ECC when faced with increasing security
requirements This is important because longer keys require more storage space
more bandwidth to transmit and potentially more processor power and time to
generate the keys encrypt and decrypt with them
3 httpcsrcnistgovpublicationsnistpubs800-131Asp800-131Apdf4 httpcsrcnistgovpublicationsfipsfips186-3fips_186-3pdf
Enhancing Website Security with Algorithm Agility
The RSA algorithm is and is likely to continue to be widely used for some time
and for most TLS Certificates RSA will remain the algorithm of choice for Web
transactions However as security demands increase and use of mobile devices
continues to expand there is a growing need for a more flexible encryption
landscape where business owners can customize the kind of protection they get to
the needs scale and technological configurations of their particular businesses
An increasing number of tablets smart phones and other mobile devices are
driving more traffic onto the web This is great for business but can present
a challenge for the number of total simultaneous connections to a single site
Algorithm agility can provide a scalable solution without sacrificing security
A Closer Look at the New Algorithms
If the options for encryption are expanding what changes are made to the levels
of protection available to businesses and how will algorithm agility the ability to
choose between three different algorithms affect SSL certification
First letrsquos take a closer look at the algorithms
Digital Signature Algorithm (DSA)
DSA is a discrete logarithm system It was developed by the National Security
Agency in 1991 as an alternative to RSA and is the federal standard for digital
signature5 The DSA algorithm provides the same level of protection and
performance as the RSA algorithm for similar key sizes but uses a different
mathematical algorithm for signing and the detection of any alteration to a
transmitted message
Although key sizes are identical to RSA key generation and digital signature using
DSA is faster Key verification is slightly slower
DSA is also compatible with most servers and because it is already a federal
standard using an SSL certificate that supports DSA makes it easier for businesses
to meet the requirements of government contracts
Elliptic Curve Cryptography (ECC)
The NIST Suite B recommendation that Certificate Authorities increase the
minimum key size associated with RSA supported SSL certificates demonstrates
that increasingly sophisticated security threats will drive the requirement for ever
larger RSA keys As Table 1 shows above at a certain point the RSA key size for the
security required simply becomes unwieldy increasing the amount of computing
power bandwidth for transmission and time required for the encryption and
decryption operation Itrsquos still secure but less efficient
Unlike RSA and DSA ECC algorithms are based on elliptic curves over finite fields a
much more difficult mathematical problem for hackers to attack using simple brute
force methods Using RSA and DSA algorithms the defining factor for how secure
the encryption can be is key length
5 httpcsrcnistgovpublicationsfipsfips186-3fips_186-3pdf
Enhancing Website Security with Algorithm Agility
With ECC the nature of the mathematical problem at its core means that as key
size increases its decryption operations become more difficult at a faster rate than
those of RSA This means that a shorter ECC key is more difficult for a hacker to
break than the same length of RSA key and can provide the same or better security
coverage than a much longer RSA key Key sizes for ECC increase linearly instead of
exponentially so as guidelines change their efficiency increases
Algorithm Agility mdash Choosing the Right Algorithm for your Needs
While ECC is already embraced by federal agencies ECC is not ubiquitous in
terms of adoption allowance and availability across all browsers and servers For
businesses this means that ECC may not if used as the only encryption algorithm
be the right solution for your particular mix of hardware and devices
When looking at the customer side ECC is a relatively new technology for mobile
and browsers so it may not yet be easily available to all of your customers If the
customer device or browser does not support a particular algorithm that customer
may not be able to complete a transaction This means that ECC by itself may
not be the best choice for the SSL certificate for by example a retail site where
customers need to feel confident that they can make purchases easily and securely
However a business using multiple certificates DSA and RSA ECC and RSA or all
three at once increases their coverage
Several factors will help you decide which algorithm or combination of algorithms
in your SSL certificate best meets the needs of your business While it is highly
likely that RSA will continue to be used for some time algorithm agility opens up
new options The option to choose SSL certification based on different algorithms
allows business owners to extend their online security easily meet the needs of
government clients and partners and tailor security protection to their business
requirements in a way that has not previously been possible
The first factor for business owners or IT managers to consider is the organizationrsquos
current Web server standards Some web servers can handle RSA DSA or ECC
and can be configured to use all three types of certificate for one domain name
on a single Web server Others can handle RSA or ECC but are limited to only one
certificate per Web server
TLS is also used for encryption between email servers and other services and
the internal tools scaling and architecture for these services would need to be
considered
Second is the tradeoff in speed of authentication between the algorithm types
RSA is faster on the client side of authentication and ECC is faster on the server
side RSA signatures also can be verified faster than ECC signatures The usage
of each key type will depend greatly on the type of transaction intended Factors
to consider here include the processing power of the end device storage space
bandwidth power consumption and how widely the algorithm is adopted by your
customers and their client devices or browsers
Enhancing Website Security with Algorithm Agility
The number of expected connections may also play a factor in decision making
Depending on web server configuration servers may be able to handle more
concurrent connections with an ECC certificate than an RSA certificate An
organization must consider their needed balance between safety user experience
and IT costs in network processing
The last consideration is the identity of your customers or partners DSA and ECC
are embraced by many government agencies and may be required in interactions
with them This could include government contracts and sub-contracts and
information exchanges with governmental branch entities
In a best case scenario an organization would be able to install all three
certificates on their transaction server Configured properly a server could then
accept any request from an end point avoiding risk and providing 100 client
coverage
Next Steps
In order for customers to truly realize all of the benefits of the enhanced security
offered by new algorithms DSA and ECC support will have to become more
widespread especially in the mobile environment that is processing more and
more of our daily online life
This may also lead to changes in the visual cues we are accustomed to on web
browsers As yet there is no standard for mobile or tablet browsers equivalent to
the trusted HTTPS and padlock indicators as well as the Extended Validation green
bar we now see on web browsers
In the meantime Symantecrsquos algorithm agility approach provides businesses with
an easy and effective transition Symantec customers now have the option to
choose SSL certificates that use both the traditional RSA algorithm and either DSA
or ECC algorithms for enhanced security
Conclusion
Security demands will increase and hacker attempts will become more
sophisticated and powerful but security measures are improving alongside the
threats Algorithm agility will be of increasing value to businesses allowing owners
and IT departments the flexibility and scalability they need to tailor protection to
the needs of their customers and their businesses
Symantec has made it easy to get started Our popular SSL certificates now include
DSA or ECC algorithms alongside the standard RSA algorithms Integrating the new
algorithms into SSL certificate products provides a convenient way for businesses
to improve and enhance their online security in partnership with the most trusted
Certificate Authority in the world
Enhancing Website Security with Algorithm Agility
More Information
Visit our website
httpgosymanteccomssl-certificates
To speak with a Product Specialist in the US
Call toll-free 1(866) 893-6565 or 1(650) 426-5112
To speak with a Product Specialist outside the US
For specific country offices and contact numbers please visit our website
About Symantec
Symantec is a global leader in providing security storage and systems
management solutions to help consumers and organizations secure and manage
their information-driven world Our software and services protect against more
risks at more points more completely and efficiently enabling confidence
wherever information is used or stored
Symantec Corporation World Headquarters
350 Ellis Street
Mountain View CA 94043 USA
1 (866) 893 6565
wwwsymanteccom
Copyright copy 2013 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates inthe US and other countries VeriSign and other related marks are the trademarks or registered trademarks of VeriSign Inc or its affiliates or subsidiaries in the US and other countries and licensed toSymantec Corporation Other names may be trademarks of their respective owners
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM Managed PKI for SSL
Businesses and organizations of all kinds rely on websites intranets and extranets to exchange confidential information and enable eCommerce For businesses protecting intellectual property as well as customer data in transit is a top priority Just as important consumers need to know that they can trust their online transactions
Secure Sockets Layer (SSL) certificates are used to verify the legitimacy of websites and to encrypt information in transit Managing certificates can be challenging when servers are deployed across various divisions and locations Complexity increases as an organization expands its SSL certificate inventory to keep pace with growth A centralized and flexible solution is needed to simplify the comprehensive management of SSL certificates across the enterprise
Gaining unmatched confidence from a comprehensive solution Symantectrade Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates
Symantectrade Managed PKI for SSL
Key Features and Benefits
Features
bull Capacity to manage thousands of SSL and code-signing certificates
bull Cloud-based console for easy and rapid deployment
bull Delegated administration and role-based access for security and control
bull Instant issuance of certificates on pre-approved domains for rapid response to business needs
bull Option to choose from three different encryption algorithmsmdashRSA ECC and DSA
bull Detailed reports and audit trails for accountability and compliance verification
bull Award-winning support for resolution of issues
Benefits
bull Inspire trust and confidence in customers and stakeholders
bull Select the vendor chosen by 94 of the 100 largest financial institutions worldwide
bull Keep pace with business growth while increasing operational efficiency
Datasheet Symantectrade Managed PKI for SSL
Symantec MPKI for SSL facilitates centralized control and comprehensive lifecycle
management of Symantec SSL and code-signing certificates across the enterprise
Symantectrade Managed PKI for SSL
Protecting data in transit Symantec MPKI for SSL supports a full range of code-signing products and SSL certificates including the following
bull Extended Validation SSL
bull Subject Alternative Name (SAN)
bull Wildcard SSL
bull Intranet certificates
Full algorithm agilityIn addition to the RSA algorithm Symantec MPKI for SSL supports two newly introduced encryption algorithms mdash Elliptic Curve Cryptography (ECC) and Digital
Signature Algorithm (DSA)mdashfor full algorithm agility
Managing SSL certificates in heterogeneous environments Symantec Certificate Intelligence Center (CIC) an add-on option with MPKI for SSL enables advance discovery of all SSL certificates across multiple Certification Authorities (CA)
bull Gain complete visibility into all SSL certificates across your enterprise regardless of the issuing CA
bull Maintain business continuity and prevent unknown certificate expirations by identifying rogue certificates and bringing them under management
bull Increase efficiency with a cloud-based service
Issuing and tracking private intranet certificatesSymantec Private Certification Authority (CA) is a cost-effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards
bull Consolidate the management of public and private certificates
bull Bring an end to unexpected expirations with superior visibility on a single console
bull Avoid the errors and hidden costs often associated with self-signed certificates
bull Maintain compliance by issuing certificates without concern of changing regulations affecting SSL certificates chained to public roots
bull Mitigate security risks by separating roles and responsibilities between administrators and requestors
bull Leverage the validation infrastructure with 100 percent uptime since 2004
bull Take advantage of the robust infrastructure that supports an average of 6 billion Online Certificate Status Protocol (OCSP) lookups every day
bull Manage and control the deployment of SSL certificates and website protection services from a central console
bull Manage the complete SSL certificate lifecycle with delegated administration role-based access and instant issuance of certificates
bull Get up to 24x7 technical assistance with our award-winning support team
Includes Symantec subsidiaries affiliates and resellers (based on Forbes Global 2000 list 2013 and internal customer analysis July 2013)
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Enhancing Website Security with Algorithm Agility
The RSA algorithm is and is likely to continue to be widely used for some time
and for most TLS Certificates RSA will remain the algorithm of choice for Web
transactions However as security demands increase and use of mobile devices
continues to expand there is a growing need for a more flexible encryption
landscape where business owners can customize the kind of protection they get to
the needs scale and technological configurations of their particular businesses
An increasing number of tablets smart phones and other mobile devices are
driving more traffic onto the web This is great for business but can present
a challenge for the number of total simultaneous connections to a single site
Algorithm agility can provide a scalable solution without sacrificing security
A Closer Look at the New Algorithms
If the options for encryption are expanding what changes are made to the levels
of protection available to businesses and how will algorithm agility the ability to
choose between three different algorithms affect SSL certification
First letrsquos take a closer look at the algorithms
Digital Signature Algorithm (DSA)
DSA is a discrete logarithm system It was developed by the National Security
Agency in 1991 as an alternative to RSA and is the federal standard for digital
signature5 The DSA algorithm provides the same level of protection and
performance as the RSA algorithm for similar key sizes but uses a different
mathematical algorithm for signing and the detection of any alteration to a
transmitted message
Although key sizes are identical to RSA key generation and digital signature using
DSA is faster Key verification is slightly slower
DSA is also compatible with most servers and because it is already a federal
standard using an SSL certificate that supports DSA makes it easier for businesses
to meet the requirements of government contracts
Elliptic Curve Cryptography (ECC)
The NIST Suite B recommendation that Certificate Authorities increase the
minimum key size associated with RSA supported SSL certificates demonstrates
that increasingly sophisticated security threats will drive the requirement for ever
larger RSA keys As Table 1 shows above at a certain point the RSA key size for the
security required simply becomes unwieldy increasing the amount of computing
power bandwidth for transmission and time required for the encryption and
decryption operation Itrsquos still secure but less efficient
Unlike RSA and DSA ECC algorithms are based on elliptic curves over finite fields a
much more difficult mathematical problem for hackers to attack using simple brute
force methods Using RSA and DSA algorithms the defining factor for how secure
the encryption can be is key length
5 httpcsrcnistgovpublicationsfipsfips186-3fips_186-3pdf
Enhancing Website Security with Algorithm Agility
With ECC the nature of the mathematical problem at its core means that as key
size increases its decryption operations become more difficult at a faster rate than
those of RSA This means that a shorter ECC key is more difficult for a hacker to
break than the same length of RSA key and can provide the same or better security
coverage than a much longer RSA key Key sizes for ECC increase linearly instead of
exponentially so as guidelines change their efficiency increases
Algorithm Agility mdash Choosing the Right Algorithm for your Needs
While ECC is already embraced by federal agencies ECC is not ubiquitous in
terms of adoption allowance and availability across all browsers and servers For
businesses this means that ECC may not if used as the only encryption algorithm
be the right solution for your particular mix of hardware and devices
When looking at the customer side ECC is a relatively new technology for mobile
and browsers so it may not yet be easily available to all of your customers If the
customer device or browser does not support a particular algorithm that customer
may not be able to complete a transaction This means that ECC by itself may
not be the best choice for the SSL certificate for by example a retail site where
customers need to feel confident that they can make purchases easily and securely
However a business using multiple certificates DSA and RSA ECC and RSA or all
three at once increases their coverage
Several factors will help you decide which algorithm or combination of algorithms
in your SSL certificate best meets the needs of your business While it is highly
likely that RSA will continue to be used for some time algorithm agility opens up
new options The option to choose SSL certification based on different algorithms
allows business owners to extend their online security easily meet the needs of
government clients and partners and tailor security protection to their business
requirements in a way that has not previously been possible
The first factor for business owners or IT managers to consider is the organizationrsquos
current Web server standards Some web servers can handle RSA DSA or ECC
and can be configured to use all three types of certificate for one domain name
on a single Web server Others can handle RSA or ECC but are limited to only one
certificate per Web server
TLS is also used for encryption between email servers and other services and
the internal tools scaling and architecture for these services would need to be
considered
Second is the tradeoff in speed of authentication between the algorithm types
RSA is faster on the client side of authentication and ECC is faster on the server
side RSA signatures also can be verified faster than ECC signatures The usage
of each key type will depend greatly on the type of transaction intended Factors
to consider here include the processing power of the end device storage space
bandwidth power consumption and how widely the algorithm is adopted by your
customers and their client devices or browsers
Enhancing Website Security with Algorithm Agility
The number of expected connections may also play a factor in decision making
Depending on web server configuration servers may be able to handle more
concurrent connections with an ECC certificate than an RSA certificate An
organization must consider their needed balance between safety user experience
and IT costs in network processing
The last consideration is the identity of your customers or partners DSA and ECC
are embraced by many government agencies and may be required in interactions
with them This could include government contracts and sub-contracts and
information exchanges with governmental branch entities
In a best case scenario an organization would be able to install all three
certificates on their transaction server Configured properly a server could then
accept any request from an end point avoiding risk and providing 100 client
coverage
Next Steps
In order for customers to truly realize all of the benefits of the enhanced security
offered by new algorithms DSA and ECC support will have to become more
widespread especially in the mobile environment that is processing more and
more of our daily online life
This may also lead to changes in the visual cues we are accustomed to on web
browsers As yet there is no standard for mobile or tablet browsers equivalent to
the trusted HTTPS and padlock indicators as well as the Extended Validation green
bar we now see on web browsers
In the meantime Symantecrsquos algorithm agility approach provides businesses with
an easy and effective transition Symantec customers now have the option to
choose SSL certificates that use both the traditional RSA algorithm and either DSA
or ECC algorithms for enhanced security
Conclusion
Security demands will increase and hacker attempts will become more
sophisticated and powerful but security measures are improving alongside the
threats Algorithm agility will be of increasing value to businesses allowing owners
and IT departments the flexibility and scalability they need to tailor protection to
the needs of their customers and their businesses
Symantec has made it easy to get started Our popular SSL certificates now include
DSA or ECC algorithms alongside the standard RSA algorithms Integrating the new
algorithms into SSL certificate products provides a convenient way for businesses
to improve and enhance their online security in partnership with the most trusted
Certificate Authority in the world
Enhancing Website Security with Algorithm Agility
More Information
Visit our website
httpgosymanteccomssl-certificates
To speak with a Product Specialist in the US
Call toll-free 1(866) 893-6565 or 1(650) 426-5112
To speak with a Product Specialist outside the US
For specific country offices and contact numbers please visit our website
About Symantec
Symantec is a global leader in providing security storage and systems
management solutions to help consumers and organizations secure and manage
their information-driven world Our software and services protect against more
risks at more points more completely and efficiently enabling confidence
wherever information is used or stored
Symantec Corporation World Headquarters
350 Ellis Street
Mountain View CA 94043 USA
1 (866) 893 6565
wwwsymanteccom
Copyright copy 2013 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates inthe US and other countries VeriSign and other related marks are the trademarks or registered trademarks of VeriSign Inc or its affiliates or subsidiaries in the US and other countries and licensed toSymantec Corporation Other names may be trademarks of their respective owners
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM Managed PKI for SSL
Businesses and organizations of all kinds rely on websites intranets and extranets to exchange confidential information and enable eCommerce For businesses protecting intellectual property as well as customer data in transit is a top priority Just as important consumers need to know that they can trust their online transactions
Secure Sockets Layer (SSL) certificates are used to verify the legitimacy of websites and to encrypt information in transit Managing certificates can be challenging when servers are deployed across various divisions and locations Complexity increases as an organization expands its SSL certificate inventory to keep pace with growth A centralized and flexible solution is needed to simplify the comprehensive management of SSL certificates across the enterprise
Gaining unmatched confidence from a comprehensive solution Symantectrade Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates
Symantectrade Managed PKI for SSL
Key Features and Benefits
Features
bull Capacity to manage thousands of SSL and code-signing certificates
bull Cloud-based console for easy and rapid deployment
bull Delegated administration and role-based access for security and control
bull Instant issuance of certificates on pre-approved domains for rapid response to business needs
bull Option to choose from three different encryption algorithmsmdashRSA ECC and DSA
bull Detailed reports and audit trails for accountability and compliance verification
bull Award-winning support for resolution of issues
Benefits
bull Inspire trust and confidence in customers and stakeholders
bull Select the vendor chosen by 94 of the 100 largest financial institutions worldwide
bull Keep pace with business growth while increasing operational efficiency
Datasheet Symantectrade Managed PKI for SSL
Symantec MPKI for SSL facilitates centralized control and comprehensive lifecycle
management of Symantec SSL and code-signing certificates across the enterprise
Symantectrade Managed PKI for SSL
Protecting data in transit Symantec MPKI for SSL supports a full range of code-signing products and SSL certificates including the following
bull Extended Validation SSL
bull Subject Alternative Name (SAN)
bull Wildcard SSL
bull Intranet certificates
Full algorithm agilityIn addition to the RSA algorithm Symantec MPKI for SSL supports two newly introduced encryption algorithms mdash Elliptic Curve Cryptography (ECC) and Digital
Signature Algorithm (DSA)mdashfor full algorithm agility
Managing SSL certificates in heterogeneous environments Symantec Certificate Intelligence Center (CIC) an add-on option with MPKI for SSL enables advance discovery of all SSL certificates across multiple Certification Authorities (CA)
bull Gain complete visibility into all SSL certificates across your enterprise regardless of the issuing CA
bull Maintain business continuity and prevent unknown certificate expirations by identifying rogue certificates and bringing them under management
bull Increase efficiency with a cloud-based service
Issuing and tracking private intranet certificatesSymantec Private Certification Authority (CA) is a cost-effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards
bull Consolidate the management of public and private certificates
bull Bring an end to unexpected expirations with superior visibility on a single console
bull Avoid the errors and hidden costs often associated with self-signed certificates
bull Maintain compliance by issuing certificates without concern of changing regulations affecting SSL certificates chained to public roots
bull Mitigate security risks by separating roles and responsibilities between administrators and requestors
bull Leverage the validation infrastructure with 100 percent uptime since 2004
bull Take advantage of the robust infrastructure that supports an average of 6 billion Online Certificate Status Protocol (OCSP) lookups every day
bull Manage and control the deployment of SSL certificates and website protection services from a central console
bull Manage the complete SSL certificate lifecycle with delegated administration role-based access and instant issuance of certificates
bull Get up to 24x7 technical assistance with our award-winning support team
Includes Symantec subsidiaries affiliates and resellers (based on Forbes Global 2000 list 2013 and internal customer analysis July 2013)
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Enhancing Website Security with Algorithm Agility
With ECC the nature of the mathematical problem at its core means that as key
size increases its decryption operations become more difficult at a faster rate than
those of RSA This means that a shorter ECC key is more difficult for a hacker to
break than the same length of RSA key and can provide the same or better security
coverage than a much longer RSA key Key sizes for ECC increase linearly instead of
exponentially so as guidelines change their efficiency increases
Algorithm Agility mdash Choosing the Right Algorithm for your Needs
While ECC is already embraced by federal agencies ECC is not ubiquitous in
terms of adoption allowance and availability across all browsers and servers For
businesses this means that ECC may not if used as the only encryption algorithm
be the right solution for your particular mix of hardware and devices
When looking at the customer side ECC is a relatively new technology for mobile
and browsers so it may not yet be easily available to all of your customers If the
customer device or browser does not support a particular algorithm that customer
may not be able to complete a transaction This means that ECC by itself may
not be the best choice for the SSL certificate for by example a retail site where
customers need to feel confident that they can make purchases easily and securely
However a business using multiple certificates DSA and RSA ECC and RSA or all
three at once increases their coverage
Several factors will help you decide which algorithm or combination of algorithms
in your SSL certificate best meets the needs of your business While it is highly
likely that RSA will continue to be used for some time algorithm agility opens up
new options The option to choose SSL certification based on different algorithms
allows business owners to extend their online security easily meet the needs of
government clients and partners and tailor security protection to their business
requirements in a way that has not previously been possible
The first factor for business owners or IT managers to consider is the organizationrsquos
current Web server standards Some web servers can handle RSA DSA or ECC
and can be configured to use all three types of certificate for one domain name
on a single Web server Others can handle RSA or ECC but are limited to only one
certificate per Web server
TLS is also used for encryption between email servers and other services and
the internal tools scaling and architecture for these services would need to be
considered
Second is the tradeoff in speed of authentication between the algorithm types
RSA is faster on the client side of authentication and ECC is faster on the server
side RSA signatures also can be verified faster than ECC signatures The usage
of each key type will depend greatly on the type of transaction intended Factors
to consider here include the processing power of the end device storage space
bandwidth power consumption and how widely the algorithm is adopted by your
customers and their client devices or browsers
Enhancing Website Security with Algorithm Agility
The number of expected connections may also play a factor in decision making
Depending on web server configuration servers may be able to handle more
concurrent connections with an ECC certificate than an RSA certificate An
organization must consider their needed balance between safety user experience
and IT costs in network processing
The last consideration is the identity of your customers or partners DSA and ECC
are embraced by many government agencies and may be required in interactions
with them This could include government contracts and sub-contracts and
information exchanges with governmental branch entities
In a best case scenario an organization would be able to install all three
certificates on their transaction server Configured properly a server could then
accept any request from an end point avoiding risk and providing 100 client
coverage
Next Steps
In order for customers to truly realize all of the benefits of the enhanced security
offered by new algorithms DSA and ECC support will have to become more
widespread especially in the mobile environment that is processing more and
more of our daily online life
This may also lead to changes in the visual cues we are accustomed to on web
browsers As yet there is no standard for mobile or tablet browsers equivalent to
the trusted HTTPS and padlock indicators as well as the Extended Validation green
bar we now see on web browsers
In the meantime Symantecrsquos algorithm agility approach provides businesses with
an easy and effective transition Symantec customers now have the option to
choose SSL certificates that use both the traditional RSA algorithm and either DSA
or ECC algorithms for enhanced security
Conclusion
Security demands will increase and hacker attempts will become more
sophisticated and powerful but security measures are improving alongside the
threats Algorithm agility will be of increasing value to businesses allowing owners
and IT departments the flexibility and scalability they need to tailor protection to
the needs of their customers and their businesses
Symantec has made it easy to get started Our popular SSL certificates now include
DSA or ECC algorithms alongside the standard RSA algorithms Integrating the new
algorithms into SSL certificate products provides a convenient way for businesses
to improve and enhance their online security in partnership with the most trusted
Certificate Authority in the world
Enhancing Website Security with Algorithm Agility
More Information
Visit our website
httpgosymanteccomssl-certificates
To speak with a Product Specialist in the US
Call toll-free 1(866) 893-6565 or 1(650) 426-5112
To speak with a Product Specialist outside the US
For specific country offices and contact numbers please visit our website
About Symantec
Symantec is a global leader in providing security storage and systems
management solutions to help consumers and organizations secure and manage
their information-driven world Our software and services protect against more
risks at more points more completely and efficiently enabling confidence
wherever information is used or stored
Symantec Corporation World Headquarters
350 Ellis Street
Mountain View CA 94043 USA
1 (866) 893 6565
wwwsymanteccom
Copyright copy 2013 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates inthe US and other countries VeriSign and other related marks are the trademarks or registered trademarks of VeriSign Inc or its affiliates or subsidiaries in the US and other countries and licensed toSymantec Corporation Other names may be trademarks of their respective owners
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM Managed PKI for SSL
Businesses and organizations of all kinds rely on websites intranets and extranets to exchange confidential information and enable eCommerce For businesses protecting intellectual property as well as customer data in transit is a top priority Just as important consumers need to know that they can trust their online transactions
Secure Sockets Layer (SSL) certificates are used to verify the legitimacy of websites and to encrypt information in transit Managing certificates can be challenging when servers are deployed across various divisions and locations Complexity increases as an organization expands its SSL certificate inventory to keep pace with growth A centralized and flexible solution is needed to simplify the comprehensive management of SSL certificates across the enterprise
Gaining unmatched confidence from a comprehensive solution Symantectrade Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates
Symantectrade Managed PKI for SSL
Key Features and Benefits
Features
bull Capacity to manage thousands of SSL and code-signing certificates
bull Cloud-based console for easy and rapid deployment
bull Delegated administration and role-based access for security and control
bull Instant issuance of certificates on pre-approved domains for rapid response to business needs
bull Option to choose from three different encryption algorithmsmdashRSA ECC and DSA
bull Detailed reports and audit trails for accountability and compliance verification
bull Award-winning support for resolution of issues
Benefits
bull Inspire trust and confidence in customers and stakeholders
bull Select the vendor chosen by 94 of the 100 largest financial institutions worldwide
bull Keep pace with business growth while increasing operational efficiency
Datasheet Symantectrade Managed PKI for SSL
Symantec MPKI for SSL facilitates centralized control and comprehensive lifecycle
management of Symantec SSL and code-signing certificates across the enterprise
Symantectrade Managed PKI for SSL
Protecting data in transit Symantec MPKI for SSL supports a full range of code-signing products and SSL certificates including the following
bull Extended Validation SSL
bull Subject Alternative Name (SAN)
bull Wildcard SSL
bull Intranet certificates
Full algorithm agilityIn addition to the RSA algorithm Symantec MPKI for SSL supports two newly introduced encryption algorithms mdash Elliptic Curve Cryptography (ECC) and Digital
Signature Algorithm (DSA)mdashfor full algorithm agility
Managing SSL certificates in heterogeneous environments Symantec Certificate Intelligence Center (CIC) an add-on option with MPKI for SSL enables advance discovery of all SSL certificates across multiple Certification Authorities (CA)
bull Gain complete visibility into all SSL certificates across your enterprise regardless of the issuing CA
bull Maintain business continuity and prevent unknown certificate expirations by identifying rogue certificates and bringing them under management
bull Increase efficiency with a cloud-based service
Issuing and tracking private intranet certificatesSymantec Private Certification Authority (CA) is a cost-effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards
bull Consolidate the management of public and private certificates
bull Bring an end to unexpected expirations with superior visibility on a single console
bull Avoid the errors and hidden costs often associated with self-signed certificates
bull Maintain compliance by issuing certificates without concern of changing regulations affecting SSL certificates chained to public roots
bull Mitigate security risks by separating roles and responsibilities between administrators and requestors
bull Leverage the validation infrastructure with 100 percent uptime since 2004
bull Take advantage of the robust infrastructure that supports an average of 6 billion Online Certificate Status Protocol (OCSP) lookups every day
bull Manage and control the deployment of SSL certificates and website protection services from a central console
bull Manage the complete SSL certificate lifecycle with delegated administration role-based access and instant issuance of certificates
bull Get up to 24x7 technical assistance with our award-winning support team
Includes Symantec subsidiaries affiliates and resellers (based on Forbes Global 2000 list 2013 and internal customer analysis July 2013)
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Enhancing Website Security with Algorithm Agility
The number of expected connections may also play a factor in decision making
Depending on web server configuration servers may be able to handle more
concurrent connections with an ECC certificate than an RSA certificate An
organization must consider their needed balance between safety user experience
and IT costs in network processing
The last consideration is the identity of your customers or partners DSA and ECC
are embraced by many government agencies and may be required in interactions
with them This could include government contracts and sub-contracts and
information exchanges with governmental branch entities
In a best case scenario an organization would be able to install all three
certificates on their transaction server Configured properly a server could then
accept any request from an end point avoiding risk and providing 100 client
coverage
Next Steps
In order for customers to truly realize all of the benefits of the enhanced security
offered by new algorithms DSA and ECC support will have to become more
widespread especially in the mobile environment that is processing more and
more of our daily online life
This may also lead to changes in the visual cues we are accustomed to on web
browsers As yet there is no standard for mobile or tablet browsers equivalent to
the trusted HTTPS and padlock indicators as well as the Extended Validation green
bar we now see on web browsers
In the meantime Symantecrsquos algorithm agility approach provides businesses with
an easy and effective transition Symantec customers now have the option to
choose SSL certificates that use both the traditional RSA algorithm and either DSA
or ECC algorithms for enhanced security
Conclusion
Security demands will increase and hacker attempts will become more
sophisticated and powerful but security measures are improving alongside the
threats Algorithm agility will be of increasing value to businesses allowing owners
and IT departments the flexibility and scalability they need to tailor protection to
the needs of their customers and their businesses
Symantec has made it easy to get started Our popular SSL certificates now include
DSA or ECC algorithms alongside the standard RSA algorithms Integrating the new
algorithms into SSL certificate products provides a convenient way for businesses
to improve and enhance their online security in partnership with the most trusted
Certificate Authority in the world
Enhancing Website Security with Algorithm Agility
More Information
Visit our website
httpgosymanteccomssl-certificates
To speak with a Product Specialist in the US
Call toll-free 1(866) 893-6565 or 1(650) 426-5112
To speak with a Product Specialist outside the US
For specific country offices and contact numbers please visit our website
About Symantec
Symantec is a global leader in providing security storage and systems
management solutions to help consumers and organizations secure and manage
their information-driven world Our software and services protect against more
risks at more points more completely and efficiently enabling confidence
wherever information is used or stored
Symantec Corporation World Headquarters
350 Ellis Street
Mountain View CA 94043 USA
1 (866) 893 6565
wwwsymanteccom
Copyright copy 2013 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates inthe US and other countries VeriSign and other related marks are the trademarks or registered trademarks of VeriSign Inc or its affiliates or subsidiaries in the US and other countries and licensed toSymantec Corporation Other names may be trademarks of their respective owners
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM Managed PKI for SSL
Businesses and organizations of all kinds rely on websites intranets and extranets to exchange confidential information and enable eCommerce For businesses protecting intellectual property as well as customer data in transit is a top priority Just as important consumers need to know that they can trust their online transactions
Secure Sockets Layer (SSL) certificates are used to verify the legitimacy of websites and to encrypt information in transit Managing certificates can be challenging when servers are deployed across various divisions and locations Complexity increases as an organization expands its SSL certificate inventory to keep pace with growth A centralized and flexible solution is needed to simplify the comprehensive management of SSL certificates across the enterprise
Gaining unmatched confidence from a comprehensive solution Symantectrade Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates
Symantectrade Managed PKI for SSL
Key Features and Benefits
Features
bull Capacity to manage thousands of SSL and code-signing certificates
bull Cloud-based console for easy and rapid deployment
bull Delegated administration and role-based access for security and control
bull Instant issuance of certificates on pre-approved domains for rapid response to business needs
bull Option to choose from three different encryption algorithmsmdashRSA ECC and DSA
bull Detailed reports and audit trails for accountability and compliance verification
bull Award-winning support for resolution of issues
Benefits
bull Inspire trust and confidence in customers and stakeholders
bull Select the vendor chosen by 94 of the 100 largest financial institutions worldwide
bull Keep pace with business growth while increasing operational efficiency
Datasheet Symantectrade Managed PKI for SSL
Symantec MPKI for SSL facilitates centralized control and comprehensive lifecycle
management of Symantec SSL and code-signing certificates across the enterprise
Symantectrade Managed PKI for SSL
Protecting data in transit Symantec MPKI for SSL supports a full range of code-signing products and SSL certificates including the following
bull Extended Validation SSL
bull Subject Alternative Name (SAN)
bull Wildcard SSL
bull Intranet certificates
Full algorithm agilityIn addition to the RSA algorithm Symantec MPKI for SSL supports two newly introduced encryption algorithms mdash Elliptic Curve Cryptography (ECC) and Digital
Signature Algorithm (DSA)mdashfor full algorithm agility
Managing SSL certificates in heterogeneous environments Symantec Certificate Intelligence Center (CIC) an add-on option with MPKI for SSL enables advance discovery of all SSL certificates across multiple Certification Authorities (CA)
bull Gain complete visibility into all SSL certificates across your enterprise regardless of the issuing CA
bull Maintain business continuity and prevent unknown certificate expirations by identifying rogue certificates and bringing them under management
bull Increase efficiency with a cloud-based service
Issuing and tracking private intranet certificatesSymantec Private Certification Authority (CA) is a cost-effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards
bull Consolidate the management of public and private certificates
bull Bring an end to unexpected expirations with superior visibility on a single console
bull Avoid the errors and hidden costs often associated with self-signed certificates
bull Maintain compliance by issuing certificates without concern of changing regulations affecting SSL certificates chained to public roots
bull Mitigate security risks by separating roles and responsibilities between administrators and requestors
bull Leverage the validation infrastructure with 100 percent uptime since 2004
bull Take advantage of the robust infrastructure that supports an average of 6 billion Online Certificate Status Protocol (OCSP) lookups every day
bull Manage and control the deployment of SSL certificates and website protection services from a central console
bull Manage the complete SSL certificate lifecycle with delegated administration role-based access and instant issuance of certificates
bull Get up to 24x7 technical assistance with our award-winning support team
Includes Symantec subsidiaries affiliates and resellers (based on Forbes Global 2000 list 2013 and internal customer analysis July 2013)
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Enhancing Website Security with Algorithm Agility
More Information
Visit our website
httpgosymanteccomssl-certificates
To speak with a Product Specialist in the US
Call toll-free 1(866) 893-6565 or 1(650) 426-5112
To speak with a Product Specialist outside the US
For specific country offices and contact numbers please visit our website
About Symantec
Symantec is a global leader in providing security storage and systems
management solutions to help consumers and organizations secure and manage
their information-driven world Our software and services protect against more
risks at more points more completely and efficiently enabling confidence
wherever information is used or stored
Symantec Corporation World Headquarters
350 Ellis Street
Mountain View CA 94043 USA
1 (866) 893 6565
wwwsymanteccom
Copyright copy 2013 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates inthe US and other countries VeriSign and other related marks are the trademarks or registered trademarks of VeriSign Inc or its affiliates or subsidiaries in the US and other countries and licensed toSymantec Corporation Other names may be trademarks of their respective owners
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM Managed PKI for SSL
Businesses and organizations of all kinds rely on websites intranets and extranets to exchange confidential information and enable eCommerce For businesses protecting intellectual property as well as customer data in transit is a top priority Just as important consumers need to know that they can trust their online transactions
Secure Sockets Layer (SSL) certificates are used to verify the legitimacy of websites and to encrypt information in transit Managing certificates can be challenging when servers are deployed across various divisions and locations Complexity increases as an organization expands its SSL certificate inventory to keep pace with growth A centralized and flexible solution is needed to simplify the comprehensive management of SSL certificates across the enterprise
Gaining unmatched confidence from a comprehensive solution Symantectrade Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates
Symantectrade Managed PKI for SSL
Key Features and Benefits
Features
bull Capacity to manage thousands of SSL and code-signing certificates
bull Cloud-based console for easy and rapid deployment
bull Delegated administration and role-based access for security and control
bull Instant issuance of certificates on pre-approved domains for rapid response to business needs
bull Option to choose from three different encryption algorithmsmdashRSA ECC and DSA
bull Detailed reports and audit trails for accountability and compliance verification
bull Award-winning support for resolution of issues
Benefits
bull Inspire trust and confidence in customers and stakeholders
bull Select the vendor chosen by 94 of the 100 largest financial institutions worldwide
bull Keep pace with business growth while increasing operational efficiency
Datasheet Symantectrade Managed PKI for SSL
Symantec MPKI for SSL facilitates centralized control and comprehensive lifecycle
management of Symantec SSL and code-signing certificates across the enterprise
Symantectrade Managed PKI for SSL
Protecting data in transit Symantec MPKI for SSL supports a full range of code-signing products and SSL certificates including the following
bull Extended Validation SSL
bull Subject Alternative Name (SAN)
bull Wildcard SSL
bull Intranet certificates
Full algorithm agilityIn addition to the RSA algorithm Symantec MPKI for SSL supports two newly introduced encryption algorithms mdash Elliptic Curve Cryptography (ECC) and Digital
Signature Algorithm (DSA)mdashfor full algorithm agility
Managing SSL certificates in heterogeneous environments Symantec Certificate Intelligence Center (CIC) an add-on option with MPKI for SSL enables advance discovery of all SSL certificates across multiple Certification Authorities (CA)
bull Gain complete visibility into all SSL certificates across your enterprise regardless of the issuing CA
bull Maintain business continuity and prevent unknown certificate expirations by identifying rogue certificates and bringing them under management
bull Increase efficiency with a cloud-based service
Issuing and tracking private intranet certificatesSymantec Private Certification Authority (CA) is a cost-effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards
bull Consolidate the management of public and private certificates
bull Bring an end to unexpected expirations with superior visibility on a single console
bull Avoid the errors and hidden costs often associated with self-signed certificates
bull Maintain compliance by issuing certificates without concern of changing regulations affecting SSL certificates chained to public roots
bull Mitigate security risks by separating roles and responsibilities between administrators and requestors
bull Leverage the validation infrastructure with 100 percent uptime since 2004
bull Take advantage of the robust infrastructure that supports an average of 6 billion Online Certificate Status Protocol (OCSP) lookups every day
bull Manage and control the deployment of SSL certificates and website protection services from a central console
bull Manage the complete SSL certificate lifecycle with delegated administration role-based access and instant issuance of certificates
bull Get up to 24x7 technical assistance with our award-winning support team
Includes Symantec subsidiaries affiliates and resellers (based on Forbes Global 2000 list 2013 and internal customer analysis July 2013)
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM Managed PKI for SSL
Businesses and organizations of all kinds rely on websites intranets and extranets to exchange confidential information and enable eCommerce For businesses protecting intellectual property as well as customer data in transit is a top priority Just as important consumers need to know that they can trust their online transactions
Secure Sockets Layer (SSL) certificates are used to verify the legitimacy of websites and to encrypt information in transit Managing certificates can be challenging when servers are deployed across various divisions and locations Complexity increases as an organization expands its SSL certificate inventory to keep pace with growth A centralized and flexible solution is needed to simplify the comprehensive management of SSL certificates across the enterprise
Gaining unmatched confidence from a comprehensive solution Symantectrade Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates
Symantectrade Managed PKI for SSL
Key Features and Benefits
Features
bull Capacity to manage thousands of SSL and code-signing certificates
bull Cloud-based console for easy and rapid deployment
bull Delegated administration and role-based access for security and control
bull Instant issuance of certificates on pre-approved domains for rapid response to business needs
bull Option to choose from three different encryption algorithmsmdashRSA ECC and DSA
bull Detailed reports and audit trails for accountability and compliance verification
bull Award-winning support for resolution of issues
Benefits
bull Inspire trust and confidence in customers and stakeholders
bull Select the vendor chosen by 94 of the 100 largest financial institutions worldwide
bull Keep pace with business growth while increasing operational efficiency
Datasheet Symantectrade Managed PKI for SSL
Symantec MPKI for SSL facilitates centralized control and comprehensive lifecycle
management of Symantec SSL and code-signing certificates across the enterprise
Symantectrade Managed PKI for SSL
Protecting data in transit Symantec MPKI for SSL supports a full range of code-signing products and SSL certificates including the following
bull Extended Validation SSL
bull Subject Alternative Name (SAN)
bull Wildcard SSL
bull Intranet certificates
Full algorithm agilityIn addition to the RSA algorithm Symantec MPKI for SSL supports two newly introduced encryption algorithms mdash Elliptic Curve Cryptography (ECC) and Digital
Signature Algorithm (DSA)mdashfor full algorithm agility
Managing SSL certificates in heterogeneous environments Symantec Certificate Intelligence Center (CIC) an add-on option with MPKI for SSL enables advance discovery of all SSL certificates across multiple Certification Authorities (CA)
bull Gain complete visibility into all SSL certificates across your enterprise regardless of the issuing CA
bull Maintain business continuity and prevent unknown certificate expirations by identifying rogue certificates and bringing them under management
bull Increase efficiency with a cloud-based service
Issuing and tracking private intranet certificatesSymantec Private Certification Authority (CA) is a cost-effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards
bull Consolidate the management of public and private certificates
bull Bring an end to unexpected expirations with superior visibility on a single console
bull Avoid the errors and hidden costs often associated with self-signed certificates
bull Maintain compliance by issuing certificates without concern of changing regulations affecting SSL certificates chained to public roots
bull Mitigate security risks by separating roles and responsibilities between administrators and requestors
bull Leverage the validation infrastructure with 100 percent uptime since 2004
bull Take advantage of the robust infrastructure that supports an average of 6 billion Online Certificate Status Protocol (OCSP) lookups every day
bull Manage and control the deployment of SSL certificates and website protection services from a central console
bull Manage the complete SSL certificate lifecycle with delegated administration role-based access and instant issuance of certificates
bull Get up to 24x7 technical assistance with our award-winning support team
Includes Symantec subsidiaries affiliates and resellers (based on Forbes Global 2000 list 2013 and internal customer analysis July 2013)
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Businesses and organizations of all kinds rely on websites intranets and extranets to exchange confidential information and enable eCommerce For businesses protecting intellectual property as well as customer data in transit is a top priority Just as important consumers need to know that they can trust their online transactions
Secure Sockets Layer (SSL) certificates are used to verify the legitimacy of websites and to encrypt information in transit Managing certificates can be challenging when servers are deployed across various divisions and locations Complexity increases as an organization expands its SSL certificate inventory to keep pace with growth A centralized and flexible solution is needed to simplify the comprehensive management of SSL certificates across the enterprise
Gaining unmatched confidence from a comprehensive solution Symantectrade Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates
Symantectrade Managed PKI for SSL
Key Features and Benefits
Features
bull Capacity to manage thousands of SSL and code-signing certificates
bull Cloud-based console for easy and rapid deployment
bull Delegated administration and role-based access for security and control
bull Instant issuance of certificates on pre-approved domains for rapid response to business needs
bull Option to choose from three different encryption algorithmsmdashRSA ECC and DSA
bull Detailed reports and audit trails for accountability and compliance verification
bull Award-winning support for resolution of issues
Benefits
bull Inspire trust and confidence in customers and stakeholders
bull Select the vendor chosen by 94 of the 100 largest financial institutions worldwide
bull Keep pace with business growth while increasing operational efficiency
Datasheet Symantectrade Managed PKI for SSL
Symantec MPKI for SSL facilitates centralized control and comprehensive lifecycle
management of Symantec SSL and code-signing certificates across the enterprise
Symantectrade Managed PKI for SSL
Protecting data in transit Symantec MPKI for SSL supports a full range of code-signing products and SSL certificates including the following
bull Extended Validation SSL
bull Subject Alternative Name (SAN)
bull Wildcard SSL
bull Intranet certificates
Full algorithm agilityIn addition to the RSA algorithm Symantec MPKI for SSL supports two newly introduced encryption algorithms mdash Elliptic Curve Cryptography (ECC) and Digital
Signature Algorithm (DSA)mdashfor full algorithm agility
Managing SSL certificates in heterogeneous environments Symantec Certificate Intelligence Center (CIC) an add-on option with MPKI for SSL enables advance discovery of all SSL certificates across multiple Certification Authorities (CA)
bull Gain complete visibility into all SSL certificates across your enterprise regardless of the issuing CA
bull Maintain business continuity and prevent unknown certificate expirations by identifying rogue certificates and bringing them under management
bull Increase efficiency with a cloud-based service
Issuing and tracking private intranet certificatesSymantec Private Certification Authority (CA) is a cost-effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards
bull Consolidate the management of public and private certificates
bull Bring an end to unexpected expirations with superior visibility on a single console
bull Avoid the errors and hidden costs often associated with self-signed certificates
bull Maintain compliance by issuing certificates without concern of changing regulations affecting SSL certificates chained to public roots
bull Mitigate security risks by separating roles and responsibilities between administrators and requestors
bull Leverage the validation infrastructure with 100 percent uptime since 2004
bull Take advantage of the robust infrastructure that supports an average of 6 billion Online Certificate Status Protocol (OCSP) lookups every day
bull Manage and control the deployment of SSL certificates and website protection services from a central console
bull Manage the complete SSL certificate lifecycle with delegated administration role-based access and instant issuance of certificates
bull Get up to 24x7 technical assistance with our award-winning support team
Includes Symantec subsidiaries affiliates and resellers (based on Forbes Global 2000 list 2013 and internal customer analysis July 2013)
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Symantectrade Managed PKI for SSL
Protecting data in transit Symantec MPKI for SSL supports a full range of code-signing products and SSL certificates including the following
bull Extended Validation SSL
bull Subject Alternative Name (SAN)
bull Wildcard SSL
bull Intranet certificates
Full algorithm agilityIn addition to the RSA algorithm Symantec MPKI for SSL supports two newly introduced encryption algorithms mdash Elliptic Curve Cryptography (ECC) and Digital
Signature Algorithm (DSA)mdashfor full algorithm agility
Managing SSL certificates in heterogeneous environments Symantec Certificate Intelligence Center (CIC) an add-on option with MPKI for SSL enables advance discovery of all SSL certificates across multiple Certification Authorities (CA)
bull Gain complete visibility into all SSL certificates across your enterprise regardless of the issuing CA
bull Maintain business continuity and prevent unknown certificate expirations by identifying rogue certificates and bringing them under management
bull Increase efficiency with a cloud-based service
Issuing and tracking private intranet certificatesSymantec Private Certification Authority (CA) is a cost-effective solution to improve the security and management of private intranet certificates while adhering to corporate and industry compliance standards
bull Consolidate the management of public and private certificates
bull Bring an end to unexpected expirations with superior visibility on a single console
bull Avoid the errors and hidden costs often associated with self-signed certificates
bull Maintain compliance by issuing certificates without concern of changing regulations affecting SSL certificates chained to public roots
bull Mitigate security risks by separating roles and responsibilities between administrators and requestors
bull Leverage the validation infrastructure with 100 percent uptime since 2004
bull Take advantage of the robust infrastructure that supports an average of 6 billion Online Certificate Status Protocol (OCSP) lookups every day
bull Manage and control the deployment of SSL certificates and website protection services from a central console
bull Manage the complete SSL certificate lifecycle with delegated administration role-based access and instant issuance of certificates
bull Get up to 24x7 technical assistance with our award-winning support team
Includes Symantec subsidiaries affiliates and resellers (based on Forbes Global 2000 list 2013 and internal customer analysis July 2013)
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Symantectrade Managed PKI for SSL
Copyright copy 2014 Symantec Corporation All rights reserved Symantec the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the US and other countries Other names may be trademarks of their respective owners
Going beyond SSL with trust services and information protection MPKI for SSL offers a broad range of additional service options all in a single solution
bull Activate an assessment to identify critical vulnerabilities on your website
bull Scan for malware to avoid propagation of viruses to customersrsquo systems
bull Turn on Symantec Seal-in-Search to increase traffic to your site
Leveraging award-winning supportSymantec provides support that will help ensure your business continuity Support is based on annual subscription with different offerings to meet your needs
Learn MoreTo learn more contact a Symantec sales representative at +1 (650) 426-5112 option3 send an email to SSL_EnterpriseSales_NAsymanteccom or visit our website at http gosymanteccommanaged-pki-for-ssl
To speak with a product specialist in the United States call +1 (866) 893-6565 or +1 (650) 426-5112 To speak with a product specialist outside the United States visit our website for specific country offices and contact numbers
About SymantecSymantec is a global leader in providing security storage and systems management solutions to help consumers and organizations secure and manage their information-driven world Our software and services protect against more risks at more points more completely and efficiently enabling confidence wherever information is used or stored
Symantec Corporation world headquarters350 Ellis StreetMountain View CA 94043 USA+1 (866) 893-6565
wwwsymanteccom
UID 2260714
For more information
AdwebTechnologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062India
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom httpsssladwebtechcom
More information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
Guide for Migrating toSHA-2 Certificates
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
WH
ITE PA
PER
powered by Symantec
White Paper
Guide for Migrating to SHA-2 CertificatesCryptographic algorithm migration checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
2
CONTENTS
Chapter 1 Summary 3
Chapter 2 Why is migration to SHA-2 certificates required 4
CryptographicalgorithmusedinSSLTLScommunication 4
Isthesecurityofcryptographicalgorithmsdeteriorating 5
Whatifalgorithmsecuritydeteriorates 6
Definingtestingandimplementingcountermeasures 7
Troubleshootingwhymighttestingfail 8
Chapter2Summary 10
Chapter 3 Checklist 9 actions for server managers 11
SSLcertificatechecklist 11
Serverconfigurationchecklist 12
Clientenvironmentsfactorstoconsider 14
Chapter 4 What is the deadline for making these changes 16
Requiredactions 17
Chapter 5 When will the next cryptographic algorithm migration take place 18
Chapter 6 Conclusion 18
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
3
Chapter 1 Summary
By2013almostallservermanagershaddealtwith
theY2010issueregardingcryptographicalgorithms
Howeveranewchallengehasnowemergedhowto
migratetotheSHA-2certificate
WhileSHA-2andY2010aresimilarintermsofthe
issuestheypresenttheydifferintermsofplatform
supportServermanagersmustplanwellbeforemaking
thetransitionandlearnfromsomeoftheexperiences
encounteredwithY2010toensuresuccess
Symantechascreatedausefulchecklistforserver
managersmigratingtoSHA-2certificates
Table 1 Checklist 9 items for server managers
No Item to check Category Check
1 Understand the key lengths of intermediate and root certificates and hash functions SSL server certificate
2 Generate a CSR Server settings
3 Set up intermediate certificates of cross root hierarchy Server settings
4 Confirm that Cipher Suite is available on the server Server settings
5(For inter-server communication environment) Take care to double-check required root certificates
Server settings (Or the client environment)
6 (For PC browsers) Check compatibility of Windows XP and Windows Vista or later Client environment
7 Review the cover ratio of phones and smartphones Client environment
8 Understand the characteristics of cell phone applications (Java BREW etc) Client environment
9(For household appliances and embedded devices) Understand the communication function and the root certificate of each device
Client environment
Chapter2ofthiswhitepaperdescribesthereasonsfor
migratingtoSHA-2certificateandsummarisesthemain
pointsforasmoothtransition
Chapter3offersguidanceonhowtoreviewand
implementchangesbasedonthechecklist
Chapters4and5describesomeprecautionsforthe
future
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
4
Chapter 2 Why is migration to SHA-2 Certificate required
Cryptographic algorithm used in SSLTLS communication
CryptographicalgorithmisresponsibleforsafeSSLTLS
communicationTheprotocolencryptsinformationand
distributesitsecurelyovertheinternetButascomputer
technologyadvancesanddecryptiontechniquesgrow
moresophisticatedtheeffectivenessofcryptographic
algorithmsgraduallydeterioratesDelayingitsmigration
isthereforelikelytocauseproblemslaterwhichcould
compromisetheconfidentialityofwebsitesandpersonal
information
Figure1CommunicationbetweenabrowserandawebserveruponinitiatinganSSLTLSsession
1Symantecsrootcertificatesarepre-installedonmanyclientdevicesincludingPCbrowsersandmobiledevicesascertificatesissuedbyareliableCAEndusersdonotneedtoinstallrootcertificatestoclientdevices
Root certificate
Symantecserver ID
1) Request for encryption
2) Send a server certificate
3) Create a common key
4) Initiate encrypted data transfer
Common key40bit~ 256bit
Common key40bit~ 256bit
Verified
Clients browser Web serverhttpswww
The web server sends the SSL certificates (and the intermediate certificates) to the client to have them verified
The browser uses its root certificate1 to verify that the received certificate has been issued by a reliable CA
SSLTLScommunicationusuallytakesplacebetween
abrowserandawebserverToenablethisSSL
certificatesmustbeinstalledonthewebserveranda
rootcertificateattachedtothebrowser
WhenabrowseraccessesawebserverwithaURL
startingwithhttpsaSSLcertificateisdownloaded
fromthatwebserveratthesametimeTheclient
verifiesthecertificatersquoselectronicsignatureusingthe
browser-embeddedrootcertificatestoensureithas
beenissuedbyalegitimatecertificationauthority(CA)
Thealgorithm-calledhashfunctions-isusedforthis
Oncecompletedauniquesessionkeyisgenerated
allowingbi-directionalcommunicationbetweenthe
browserandwebserverThekeyiscalledalsquocommon
keyrsquoandtheruleiscalledalsquocommonkeycryptosystemrsquo
Apublickey(includedintheSSLcertificate)anda
privatekey(managedonthewebserver)sharethe
commonkeyPublicandprivatekeysarealways
generatedasapairDataencryptedwithapublickey
canonlybedecryptedwiththeprivatekey
IfyoursquovealreadyinstalledanSSLcertificateonaweb
serveryoumightalreadybefamiliarwiththeprocess
ofgeneratingpublicandprivatekeysInessencethe
CSRsubmittedtoaCAincludesapublickeyandon
submissionaprivatekeywillbegeneratedontheserver
Hashfunctionsandpublicandcommonkey
cryptosystemsarecollectivelycalledlsquocryptographic
algorithmsrsquo
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
5
Is the security of cryptographic algorithms deteriorating
Cryptographicalgorithmsaretestedandevaluatedby
avarietyofinstitutionsTheUSNationalInstituteof
StandardsandTechnology(NIST)usesacommonscale
tomeasuresomeofthemTheseareshowninTable2
ThepublickeycryptosystemofRSA1024bit-which
migratedaspartofthesolutiontoY2010-andthehash
functionSHA-1areevaluatedashavingasecuritylevel
of80bitThismeansthecalculationrequiredtodecrypt
acryptographicalgorithminthisgrouphasthesecurity
strengthequivalenttothe80thpowerof2
CRYPTREC(CryptographyResearchandEvaluation
Committeesaprojecttoresearchandevaluate
cryptographictechnologies)hasannouncedthatSHA-1
shouldnolongerberecommendedbecauseitnow
carriesahigherriskofbeingdecryptedCRYPTREC
advisesthatitshouldnotbeusedforanythingother
thanmaintainingcompatibility1
AttheCRYPTO2010conferenceapaperdocumentinga
pre-imageattackagainstSHA-1withfewercalculations
todecryptwaspresented2Thisdemonstratedhow
cryptographicalgorithmsdepreciateascomputing
capabilityadvancesandnewattacktechniquesare
developed
AssuchwearenowfacingarealisticthreatItisfeared
thatSHA-1mightbedecryptedwithinafewyearsby
hackerswithsufficientfundingandknowledge
HowevertheSHA-2hashalgorithmwithasecurity
equivalenceof112bit(SHA-224SHA-256SHA-384
SHA-512hereinaftercollectivelycalledSHA-2)is
listedbyCRYPTRECasarecommendedcryptographic
algorithmforgovernmentSHA-2ispredictedtobeused
widelyinthefutureasitscryptographictechnologyhas
provensecurityandcompatibilitywithexistingsystems
InrealitycompleteY2010compliancecanonly
beachievedwhenSHA-1isterminatedandSHA-2
isadoptedWiththismindmigrationtoSHA-2is
stronglyrecommendedasageneralinternetsecurity
requirement
ForexamplebothNISTandPCIDSS(Payment
CardIndustryDataSecurityStandards)advisedUS
governmentalsystemstoterminateSHA-1bytheend
of2013
ButitwastheannouncementmadebyMicrosoft3
thathashadthegreatestimpactontheprivatesector
MicrosoftrecommendedmigrationtoSHA-2regarding
SSLcertificationforWindowsOSandannouncedaplan
toterminateSHA-1bytheendof2016
Table 2 Equivalent security of each type of cryptographic algorithm (Excerpt from 56 Guidance for Cryptographic Algorithm and key length Selection in NIST SP 800-57ldquoRecommendation for Key Managementrdquo)
Equivalent security(Bits of Security)
Public key cryptosystemand the key length (in case of RSA)
Hash functionCommon key cryptosystem and the key length
80bit 1024bit or larger
SHA-11
SHA-224 SHA-256
SHA-384 SHA-512
2TDEA (2 key Triple DES)
3TDEA (3 key Triple DES)
AES 128 bit or larger
112bit 2048bit or largerSHA-224 SHA-256
SHA-384 SHA-512
3TDEA (3 key Triple DES)
AES 128 bit or larger
128bit 3072bit or largerSHA-256 SHA-384
SHA-512AES 128 bit or larger
192bit 7680bit or larger SHA-384 SHA-512 AES 192 bit or larger
256bit 15360bit or larger SHA-512 AES 256 bit or larger
Low
Secu
rity
Hig
h
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
6
What if algorithm security deteriorates
Whatwouldhappenifalgorithmsecuritydecreased
regardlessofmigrationThetablebelowshowsthe
purposeofeachalgorithmIfcryptographicalgorithm
securitydepreciatesandanattackhasoccurredthen
thesepurposescannotbefulfilled-andsecurityriskswill
beexposed
AccordingtoMicrosoftSHA-1willbeterminatedfor
WindowsOSbytheendof2016Afterthatanerror
messagewillbeshownonInternetExplorerandother
browsersforSSLcertificatesthatuseSHA-1
Whatcanservermanagersdotopreventtheserisks
AsTable3showstheultimatepreventionstrategyisto
enhancethesecurityoftheirwebserviceenvironment
byterminatinguseofSHA-1andotheralgorithmswith
compromisedsecurity
Howeverarealloperationalserversandbrowsersready
tomanageSHA-2Thoroughcompatibilitytestmustbe
conductedbeforetrying
ThenextpagedescribeswhereandhowtoconductSHA-
2-readytestsandimplementmeasuresforwebservices
orcorporatesystems
Table 3 Types and purposes of cryptographic algorithms
Type of cryptographic algorithm
Purpose in SSLTLS communicationExample of algorithm considered safe at present
Public-keyencryption
TheprivatekeyisstoredonthewebserverThepublickeythe
companiontotheprivatekeyispublishedinthecertificateThis
algorithmisusedtosafelysharethecommonkeyortoidentifythe
managerofthewebserver
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
RSA2048bitECDSA(NISTP-256etc)
Hashfunction
WorkstodetecttamperingwithdatabyathirdpartyThisalgorithmis
usedbyCAtoattachadigitalsignaturewhenissuingSSLcertificates
orbybrowserstoverifythesignatureonthecertificate
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithmproperly
SHA-2
(SHA-224SHA-256etc)
Common-keyencryption
Generateduponeachsessionofcommunicationbetweenaserverand
abrowserandusedtoencryptdecryptthetransmitteddata
WebserversandbrowserswhichperformSSLTLScommunication
mustbecapableofhandlingeachalgorithm(keylength)properly
AES128bitetc
Table 4 Risks of depreciated cryptographic algorithm
Type of cryptographic algorithm
Risk caused by depreciated security Means to cause security depreciation
Public-keyencryption
TheprivatekeymaybecalculatedwiththepublickeyThisenablesthe
attackertoimpersonateanorganizationoranindividualwhoownsa
legitimatecertificateortotapdatabyillicitdecryption
-Generalnumberfieldsieve
Hashfunction
Differentdatawiththesamehashvaluemaybecreated
Theattackercancreateafraudulentcertificateanddisguiseitasa
certificateissuedbylegitimateCAwhichenablesimpersonatingan
organizationoranindividualwhoownsalegitimatecertificate
-Collisionattack
-Pre-imageattack
-Chosen-prefixattack
Common-keyencryptionEncrypteddatamaybeillicitlydecryptedThisenablestappingthe
originaldata(plaintext)
-Brute-forceattack
-Ciphertextmatchingattack
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
7
Defining testing and implementing countermeasures
Corporatewebsiteservermanagersmustreviewthe
clientenvironmentthatcommunicateswiththeir
websiteaswellastheserverenvironmentitselfFor
exampleECsite-managingorganisationsmustruntests
withawidevarietyofmobilephonemodelsandweb
browserstocheckoperationsincludingpaymentsLarge
organisationswithinter-servercommunicationsystems
mustreviewawiderangeoftestscenariosrepeatedly
evenforminorconfigurations
Table5liststhetestsrequiredforvariousenvironments
whenswitchinghashalgorithmsinstalledontheSSL
certificatefromSHA-1toSHA-2
Table 5 How to run the tests when switching hash algorithms for SSL certificate from SHA-1 to SHA-2
Website Embedded communication device Inter-server communication system
Imagehttps https https
Environment
component
-Webserver
-PCbrowser
Cellphone(incaseofwebsitesofcell
phones)
-Webserver
-Communicationdevice(household
appliancesvideo-gameconsoleoffice
automationequipmentetc)
-Interactiveserverenvironment
Server
preparationfor
tests
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonthewebserver
InstallanSSLcertificatewithSHA-2
signatureonallserverenvironmentwhich
performstransactionprocess
Itemstotest
regarding
SSLTLS
communication
Whetherthewebsitecanbeproperly
accessedwithhttpsfromallthe
possibleclientenvironmentsincluding
PCbrowsersandcellphones
Whetherthewebservercanbeproperly
accessedfromcommunicationdevices
usedforthewebservice
Whetherthehttpscommunication
isproperlyconductedamongallthe
interactingservers
Possible
reasonsthat
mayproduce
badresults
-Thecellphoneisnotembeddedwitha
requiredrootcertificate
-Thecellphoneisincompatiblewith
SHA-2
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedonthewebserver
-Thecommunicationdeviceisnot
embeddedwithrequiredrootcertificates
-Thecommunicationdeviceisunableto
handleSHA-2
-Inadequatedesignorcodingofthe
communicationdevice
-Theserverisnotembeddedwith
requiredrootcertificates
-Configurationmistakessuchas
intermediatecertificatenotbeing
installedontheserver
-Inadequatedesignorcodingofthe
serverapplication
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
8
Troubleshooting why might testing fail
Itispossiblethattestresultscanbepoorinany
environmentBelowarealistofSSLTLScommunication
componentspossiblereasonsforfailureandhowyou
canaddressthem
1 SSL certificate
MostbadresultscausedbyanSSLcertificatefallinto
thefollowingcategories
Category 1 The servers or browsers are incompatible with the cryptographic algorithm used on the certificate
Ifyouupgradethecryptographicalgorithmforthe
SSLcertificatewithouttheserverorthebrowserbeing
managedproperlyyourservicesmaysuddenlynot
befullyavailableThereforecertificate-issuingCAs
mustpaycloseattentiontotransferthecryptographic
algorithmscorrectly
Howeverusinganinsecurecryptographicalgorithm
simplytoensurecompatibilitywitholdbrowsersmight
leadtoabreach
Servermanagersmustdecidewhichcertificateandweb
serverbrowserstouseforthebestserviceperformance
andsecurity
Category 2 The required root certificate does not exist on the client side
IftherootcertificateissuedbytheCA(whichisalso
theissueroftheSSLcertificate)doesnotexistonthe
clientsidetheserverscertificatewillbeconsidered
illicitAlthoughthismayalsobeduetoinadequate
implementationofclientbrowsersordevicesin
mostcasesitiscausedbytheabsenceofanewroot
certificate
Category 3 Categories 1 and 2 have not occurred - but bad results are still happening
Thiscouldbeduetotheabsenceofrequireddataor
inadequateconfiguration(suchasincorrectinstallation
ofSSLorintermediatecertificates)
2 Web servers (for general websites)
Mostwebservershavehigh-endCPUswithhigh
processingcapacityandfrequentupdatesThismeans
thattheyaremorelikelytobeequippedwithmore
securecryptographicalgorithms
ResearchconductedbySymantecinregardtohash
algorithms4showsthatthelatestversionsofweb
serversarebeingequippedwithSHA-2-compatibleSSL
certificatesRegardingthecommonkeycryptosystem
moresecurealgorithmssuchasAES-128bitare
availableonmostwebserversHoweversomeofthem
arestillaccessiblewithDESorRC4whichisconsidered
tobelesssecure5
Bemindfulofthefactthatdependingontheencryption
requestforbrowserstheselesssecurealgorithmsmay
beabletoestablishSSLTLSsessions-puttingsystems
atriskTopreventthisservermanagersneedto
prioritiseciphersuites(acombinationofcryptographic
algorithmsdefinedbytheirSSLTLSprotocol)to
communicatemoresecurelywithbrowsersanddecide
whichciphersuitesarepermittedtodoso
Chapter3exploresthisinmoredetail
3 Web servers (for inter-server communication)
Theprocedurehereissimilartothatforgeneralweb
serversInthecaseofinter-servercommunication
whereoneoftheserversisaclientfortheotherserver
payattentiontowhethertherootcertificateoftheother
serverisavailabletobothtoverifytheSSLcertificate
Asinthecaseofbrowserssomeserverapplications
comewithcertainrootcertificatesincludedCheckthe
specificationandconfigurationIfnorootcertificateis
installedobtainonefromaCA6
Theinter-communicationenvironmentmaybepartofa
largecorporatesystemthedevelopmentormanagement
ofwhichisoftenoutsourcedInthiscaseacertain
amountofbudgetmayneedtobesetasidetoreview
thecryptographicalgorithm
4 Browsers (PC)
PCbrowsers(includingWindowsInternetExplorerreg
MozillaFireFoxetc)typicallyhavehighperformance
andareupdatedfrequentlyTheyaremorelikelytobe
equippedwithnewcryptographicalgorithms
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
9
Manybrowsersareequippedwithfunctionswhich
enablepost-releaseupdatesincludingonline
distributionofpatchprogramstobecompletedifthere
isanydeficiencyinembeddedmodulessuchasroot
certificatesHoweveraswithMicrosoftsupportfor
priorversionsisusuallyterminatedquicklyandnopatch
programsaredistributedwhenmajorupgradestake
place
Itisimportantforservermanagerstoencourageend
userstomovetonewbrowsersOldversionsarenot
capableofsupportingstrongercryptographicalgorithms
andareinsufficientlysecure
5 Mobile phones (Feature phones)
In2009SHA-2capablemobilephonesbegantoappear
Sincethenalthoughmorecapablemodelshavebeen
releasedcurrentcoverageisinsufficientforgeneral
use7Additionalupdateplansforexistingmodelshave
notbeenannouncedeither(asatJuly2014)
Thereforeoldmobilephonemodelscannotcurrently
accesswebsiteswithSHA-2compatiblecertificates
installed
6 Smartphones
Smartphonesarerelativelyadvancedintermsof
handlingnewcryptographicalgorithmsAlmost
allstandardbrowsersonsmartphonesareSHA-2
compatibleRefertoourwebsite8forcompatibilitiesIf
theaccesstestproducesanydifferenceinresultsyour
webservermightnotbeconfiguredproperly
7 Embedded devices
Anincreasingnumberofembeddeddevices-suchas
householdappliancesvideo-gameconsolesandoffice
automationequipment-havesophisticatedCPUswith
functionsincludingInternetaccessCurrentcompatibility
ofthesedevicestoSHA-2orothersafercryptographic
algorithmsappearstobeaspoorasorworsethanthat
ofmobilephonesintermsofmemorycapacityand
otherrestrictions
Similarlythesedevicesareequippedwithalimited
numberofrootcertificatesastheyonlyaccesscertain
webserversForexampleSSLTLScommunication
failuremayoccurwhentheSSLcertificateonaserveris
switchedtoaSHA-2compatiblecertificateInaddition
sincetheseembeddeddeviceshavealongerproductlife
cyclethanwebbrowserstheyarenoteasilyreplaced
evenifdefectsarereported
Thereforeservermanagersoperatingwebservices
intendedfortheseclientenvironmentsarerequiredto
promotecertificatereplacementonserversanddevices
incollaborationwiththeserverdevelopers
8 Uniquely developed client server model by a systems integrator
Attherequestofacustomerasystemsintegratormay
developspecificclientsoftwarewithabrowsingfunction
Inthiscasetheserverlifecycletendstobelongand
incompatiblewithnewcryptographicalgorithmsasthe
softwareistailoredtothecustomersneeds
Alsomanysuchsoftwareproductsareequippedwith
rootcertificatesissuedbyCAsincludingSymantecThis
meansthesoftwareisaffectedbytheCAsalgorithm
migrationIfasystemsintegratorprovidessystems
orservicesusingSSLcryptographyservermanagers
shouldcheckthecompatibilitywithSHA-2firstplan
amigrationofthewholesystemandobtainenduser
consent
InconclusionTable6showstherelationshipbetween
SSLTLScommunicationscomponentsandcryptographic
algorithms
Informationonthecryptographiccompatibilityof
serversbrowsersandmobilephonesmayormaynot
bedisclosedItisadvisableforservermanagersto
understandthenatureoftheirorganisationsservice
andobtaincontactinformationofthevendors(providers)
asnecessary
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
10
Chapter 2 Summary
TomaintainsecurityinSSLTLScommunicationthe
strengthofcryptographicalgorithmsmustbeincreased
Forexampleadevicewithanexpectedlifecycleof
tenyearsshouldideallybedesignedtakingfuture
cryptographictrendsintoaccountforthenexttenyears
Howeverthisisnotalwayseasytoachievebecause
itisdifficulttobalancethelifecyclesofdevicesand
cryptographies
SuccessfulSHA-2migrationdependsonhowquickly
youcanassesstheenvironmentalcomponentsandthe
specificationsinvolved
Nextwewillgothroughachecklistforservermanagers
tounderstandpotentialissuesandovercomethem
Table 6 The usechoice of cryptographic algorithm by providers for each SSLTLS communication components
Components of SSLTLS communication
ProviderUsechoice of cryptographic algorithm
RemarksPublic-key encryption Common-key encryption Hash function
Certificate CA
Keylengthisspecified
byservermanager
uponCSRgeneration
(Rootandintermedi-
atecertificatesare
specifiedbyCA)
- (SpecifiedbyCA)
Webserver
(Generalwebsites)Servervendors SelectedbyservermanagerasCipherSuite
Webserver
(Inter-servercom-
munication)
Systemdeveloper
(SIeretc)
SelectedbyservermanagerasCipherSuite
Makesurerootcertificatesareinstalledoneachserver
PCbrowserBrowsersoftware
developer
Capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationrequired
asSHA-256inonly
availabletoWindows
XPSP3orlateretc CAsusuallydisclosethe
informationoncompatible
clientenvironments8
CellphoneCellphonecarrieror
devicemanufacturer
Manymodelsare
capableofhandling
appropriatekey
lengthssuchasRSA
2048bit
Confirmation
requiredaseach
browserhasdifferent
priorityofCipher
Suite
Confirmationre-
quiredasSHA-256
inonlyavailableto
modelsreleasedafter
2009etc
Communication
deviceDevicemanufacturer Confirmationwithdeveloperisrequiredascompatiblecryptograph-
icalgorithmsorinstalledrootcertificateslargelyvarydependingon
thedevicesystemUniquelydeveloped
clientserversystem
Systemdeveloper
(SIer)
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
11
How-andbywhom-shouldSHA-2migrationbe
performedAndwhatcanservermanagersdo
Arebrowsersormobilephonesaffectedbyserver
configuration
Afterreviewingrelevantfactorsinyourdifferent
environmentstakeactionstotesteachenvironment
andaddressproblemsActionsthatcanbetaken
immediatelyareshowninTable1Chapter1
SSL certificate checklist
Item 1 Get a picture of the key lengths of intermediate and root certificates and hash
functions
AsshowninFigure2manySymantecSSLcertificates
includefourlayersSSLcertificatesforwebservers
workinpairs(alsodescribedaschained)witheachof
theintermediatecrossandrootcertificatestoproperly
verifybrowsersignatures
Figure 2 Layered structure (four layers) of general certificate
Server ID - SHA-1SHA-2
1 VeriSign Class 3 Secure Server CA - G3
2 2048bitRSA 3 SHA1withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Root certificate
Intermediate CA certificate (for cross root configuration)
Intermediate CA certificate
End-entity certificate
1 Symantec Class 3 Secure Server CA - G4
2 2048bitRSA 3 SHA256withRSA
1 (End -Entity) 2 2048bitRSA 3 SHA256withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
1 Class 3 Public Primary Certification Authority
2 1024bitRSA 3 SHA1withRSA
1 VeriSign Class 3 Public Primary Certification Authority ndash G5
2 2048bitRSA 3 SHA1withRSA
Algorithm for signature RSA SHA-1(as of June 2014)
Algorithm for signature RSA SHA-2
Note A new dedicated intermediate CA certificate must be installedNote that previously obtained intermediate CA certificates are not available
Installed on browser
Installed on web server
Legend1 Name of the certificate subject2 Public key cryptosystem and the key length3 Digital signature
SHA 256 with RSA is employed for the signature on the intermediate and end-entity certificates
Chapter 3 Checklist 9 actions for server managers
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
12
Servermanagersmustbeawareofthekeylengthand
hashfunctionofthecertificateoneachlayeroftheSSL
certificateusedontheirwebsites
ForexampleCAwillissueanend-entitycertificate
whichisincludedintheSSLcertificatewiththehash
algorithmswitchedtoSHA-2Howeverthisisnot
enoughtocompletethemigrationofhashalgorithms
toSHA-2Thehashalgorithmfortheintermediate
certificatewhichcoupleswiththisSSLcertificatemust
alsobeswitchedtoSHA-2
GenerallyspeakingwhenrenewingtheSSLcertificate
thelatestversionoftheintermediatecertificatespecified
byCAmustbeinstalledSSLcommunicationmaybe
interferediftheintermediatecertificateisnotreplaced
whenswitchingcryptographicalgorithms
CAsincludingSymantecareresponsibleforconstantly
examiningandreinforcingthecryptographicalgorithm
usedforintermediateandrootcertificatesaswellas
end-entitycertificatesServermanagersmuststay
updatedwithinformationprovidedbyCAs
Table 7 Cryptographic algorithms used for Symantec SSL intermediate cross and root certificates
Symantec SSL certificate Intermediate certificate Cross and root certificates
Public key length Hash function Public key length Hash function Public key length Hash function
RSA2048bit SHA-1 or 2 RSA2048bit SHA-1 or 2 RSA2048bit SHA-1
1 RSA 1024 bit root certificate is also used as cross-root method is employedDetails on cross-root method will be described later
Server configuration checklist
Item 2 Review how to generate a CSR
ThehashalgorithmoftheSSLcertificateshould
bespecifieduponapplicationnotwhentheCSRis
generatedIfyoumistakenlychooseSHA-1forthe
hashalgorithmuponapplyingthecertificatewillbe
issuedwithSHA-1Youneedtoinstalltheintermediate
andcrosscertificateswhichproperlychainwiththe
SSLcertificatethathastheapplieddeterminedhash
algorithm
WhenapplyingforanSSLcertificateakeylengthof
2048bitorlargermustbeselectedortheapplication
willbedeniedWerecommendyoudouble-checkthe
webserverapplicationmanualorconsultthevendor
toseehowtospecifythekeylength
SymantecoffersafreeSSLcertificatefor30daysto
giveyoutimetoreviewthis
httpstrustcenterwebsecuritysymanteccom
processretailtrial_initialapplication_locale=VRSN_
AUamptid=symc_vrsn_ssl_try
Item 3 Review how to set up the intermediate certificates for cross root hierarchy
ThecrossrootmethodisusedforSymantecSSL
certificatesSSLcertificates(end-entity)andtwomore
typesofintermediatecertificate(forthetwolayers
betweentherootcertificateandtheend-entity)mustbe
installedonthewebserverThisisnotnecessaryifitis
installedfromafileinPKCS7formats
Payattentiontotheorderwheninstallingthreetypesof
certificateRefertoFigure2
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
13
Figure2showsthelayeredstructureofSymantec
SecureSitewithEVSSLCertificates(SHA-1SHA-2)This
certificateisissuedusingthecross-roothierarchyThis
enablessignatureverificationusingtwoseparateroot
certificatescommonlycalledG5rootandG1root
Installthefollowingthreecertificatesonthewebserver
(a)end-entitycertificate
(b)intermediatecertificate
(c)intermediatecertificateforcross-root
Relativelynewbrowsers(InternetExplorer7orlater)are
alreadyequippedwithG5rootSotheirsignaturewill
beverifiedonthethreelayerswhichhaveG3rootas
theirtrustanchorInthiscaseG1rootwhichisverified
via(c)willnotbechained
FormobilephonesnotequippedwithG5roottheir
signaturewillbeverifiedintheorderof(a)(b)and(c)
andfinallythroughallfourlayerswithG1root
Verificationfailurehasbeenreportedbyclients-
especiallyformobilephoneswhichgothroughthechain
infourlayers-foravarietyofreasonsTheseinclude
theabsenceofanintermediatecertificateforcross-root
(c)orthethreecertificates(a)(b)and(c)occurringin
thewrongorder
Symantecperformsoperationaccesschecksfor
browsersandmobilephonesusingthecross-root
hierarchyInsomecasesbrowsersmayaccessproperly
withoutinstallingintermediatecertificatesforcross-
rootHoweverwerecommendyoucheckthewebserver
applicationmanualorconsultyourvendortodiscuss
howtoinstallwebservercertificatesThiswillprevent
accesstestcategoriesfrombecomingcomplicated
Item 4 Review Cipher Suite availability on the server
CommonkeycryptographyhasnotyetbeendiscussedThis
isbecauseitisdeterminedbycommunicationbetweenthe
browserandwebserverThisistherequestforencryption
indicatedas(1)inthehandshakeprocessdescribedin
Figure1Alsospecificationsforpublickeycryptography
andhashfunctionsaredeterminedbyCAsincluding
Symantec
NISThaspublishedadocumentwithselectioncriteria
forciphersuitesThisoffersusefulguidelinesforserver
managersalongwithotherinformationrelatingtothe
strengthofcryptographicalgorithms
Table9belowshowsthepriorityofCipherSuite
recommendedbyNISTwhenusingRSAcertificatesin
TLS12RecommendedCipherSuitesforECDSA(akey
exchangesystemusingECC)andDSA(DigitalSignature
AlgorithmusedmainlyinUSgovernmentalsystems)are
alsolisted
UnfortunatelyCipherSuiteinstallationmanualsfor
servermanagershavenotbeenproperlyproducedyet
Currentlymanyservermanagersusethedefaultsetof
CipherSuiteswhenintroducingwebserverstostartSSL
servicesHoweverideallyitwouldbebetterforthem
torefertoavailabledocuments-suchasTable9-and
activelypromotecryptographicalgorithmsecurityincluding
common-keycryptography
SimilarlydomesticserverapplicationvendorsandCAsmust
developanddiffusemanualsandlistsforthispurpose3
(Reference)WebsiteslistingCipherSuiteareavailableon
OpenSSL
httpwwwopensslorgdocsappsciphershtml
Table 9 List of TLS 12 Cipher Suites for TLS 10 recommended by NIST(excerpt from 331 Cipher Suites of Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations NIST SP 800-52 Revision 1)
CipherSuiteName KeyExchange EncryptionHashFunctionforHMAC
HashFunctionforPRF
TLS_RSA_WITH_AES_128_GCM_SHA256 RSA AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_256_GCM_SHA384 RSA AES_256_GCM NA SHA-384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE AES_128_CBC NA SHA-256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE AES_128_GCM NA SHA-256
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA-256 SHA-256
TLS_RSA_WITH_AES_128_CCM16 RSA AES_128_CCM NA SHA-256
TLS_RSA_WITH_AES_256_CCM RSA AES_256_CCM NA SHA-256
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
14
Item 5 (For inter-server communication environment) Be cautious Double check required root certificates
Nextwediscussinter-servercommunicationusingSSL
TLSThisincludesinstancessuchasextranetuseamong
groupsorder-takingsystems
Confirmthattherequiredrootcertificateisinstalledon
eachserveraswellasthepreviouslydiscusseditems
Therootcertificateusedforsignatureverificationmust
beinstalledIninter-servercommunicationeachserver
applicationactsasaclientandverifiesthesignatureon
theSSLcertificateoftheotherserversapplication
GenerallyrootcertificatesareissuedbymajorCAs
includingSymantecandarepre-installedonapplication
platformswithinthedevelopmentenvironmentAn
SHA-1rootcertificateorso-calledG5G1willbeused
onanongoingbasisaspreviouslydiscussedTherefore
therootcertificatedoesnotneedtobereplaced
Howeverwerecommendyoucheckifanadditionalroot
certificateisrequiredorfindouthowtoaddone
Forexamplewheretheservercommunicationsystem
iscomposedofJ2EE(anenterpriseapplication
environmentcomposedofJava)whenanapplication
actsasaclientandperformsSSLTLScommunication
withtheotherapplicationrootcertificatesare
aggregatedinafilecalledcacertswhichisincludedin
thedevelopmentenvironmentThesecertificatescanbe
addedordeletedusingatoolcalledkeytool
(Reference)Keytool-managementtoolforkeysand
certificatesSunMicrosystems
httpdocsoraclecomjavase7docstechnotestools
solariskeytoolhtml
Client environments factors to consider
Item 6 (For PC browsers) Compatibility improvements
Howwell-preparedarePCbrowsersandmobilephones
forSHA-2
Table10brieflysummarisestwoviewpointsregarding
PCbrowsers
Table10CompatibilityofbrowsersonWindows
WindowsVista Windows78
IE7 IE8 IE8orlater
Compatibilitytohash
algorithmSHA-2 l l l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequate
WindowsXPSP3orlaterispartiallycompatiblewithSHA-256
RegardingtheSHA-2functioncompatibilityforthe
platformslistedinTable10itcanbesaidthatthis
compatibilityhasimprovedgreatlysince2010Thishas
beenhelpedbythepopularityofnewOSsincluding
Windows7andtheOSmigrationcausedbythe
terminationofsupportforWindowsXP
Penetrationlevelsofcryptographicalgorithmsandroot
certificatesinclientplatformshavegreatlyinfluenced
whenandhowCAschangethespecificationoftheir
SSLcertificatesForexampleMicrosoftsetsaSHA-2
migrationscheduleinitsrootcertificateprogramasa
requirementforCAs3
Servermanagersarerequiredtopromotethemigration
tonewOSandbrowserswhicharecompatible
withsafercryptographicalgorithmsaspartofthe
requirementtomaintainandsecurethesafetyofSSL
TLScommunicationalongwithCAsandOSbrowser
providers
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
15
Item 7 (For feature phones and smartphones) Review the cover ratio
AsdescribedinChapter2duetomemorycapacity
limitationsfeaturephonesarelesscompatible
withcryptographicalgorithmsincomparisontoPC
browsersSomemodelsareequippedwithfull-browser
functionalityhowevertheymayonlybeabletohandle
alimitedrangeofcryptographicalgorithms
Converselysmartphoneshavefewerlimitationson
memorycapacityTheircapabilitiesareclosertothose
ofPCbrowsers
Table11summarisesthealgorithmcompatibilityand
installationstatusofrootcertificatesformobilephones
Table11Compatibilityoffeaturephonesandsmartphones
2G
cellphone
3G
cellphoneSmartphone
Compatibilityto
hashalgorithm
SHA-2times s7 l
lPerfectlycompatible
sNoprobleminsomeenvironmenthowevernotyetadequateinmany
environment
ServermanagersmustpayattentionwhenCAsclaim
amobilephonecoverageofNNOftenthisis
actuallyaninflatedfigureandincludescaveatssuchas
excludingmodelsseriesreleasedin200Xorearlieror
thecalculationisbasedonaccesstocertainsites
(ienotbasedontheyearofreleaseormodelsseries)
Althoughfiguresbasedonaparticularmodelorseries
canactasabarometerforcompatibilityitfluctuates
continuouslyIdeallycorporateservermanagersshould
keeptrackofaccuratecoverageratesforeachphone
modelaswellascomparingfiguresandcommunicating
accurateinformationtoendusers
Item 8 (For feature phones) Understand the characteristics of mobile phone apps (Java BREW etc)
SomemobilephoneservicesconductSSLTLS
communicationviadedicatedapplicationswhichrunon
themobilephoneitselfratherthanwebbrowsersJava
J2MEandBREWaremajorapplicationplatforms
Inmostoftheseclientenvironmentscommunicationis
notconductedbyusersbyarbitrarilyspecifyingURLs
towebsitesbutinsteadinthebackgroundwithspecific
websitesThereforeservermanagersoperatingwebsites
orserviceswhichcommunicatethroughdedicated
applicationsmustcheckthealgorithmcompatibilitiesof
theapplicationplatformsontheclientside
Item 9 (For household appliances and embedded devices) Understand the communication of each device
AsdiscussedinChapter2whenconnectingwithSSL
TLScommunicationfromplatformsembeddedin
householdappliancesvideo-gameconsolesandoffice
automationequipmentservermanagersmustcheck
whichcryptographicalgorithmsthedevicescanhandle
selecttheappropriateSSLcertificateandinstallthem
Notethatduetothelonglifecyclesofthesedevices
itcantakealongtimeforalldevicesinthemarketto
bereplaced-eventhoughmanufacturerstrytoadd
cryptographicalgorithmsorrootcertificatesServer
managersmustensuretheyperformthefollowingtasks
inadditiontotheirregularduties
-Payattentiontolong-termtrendsforcryptographic
algorithms
-CollectinformationregardingCAslong-termplansfor
rootcertificatemigration
-Requestmanufacturerstoinstallnewalgorithmsand
requiredrootcertificates
Symantecprovidesusefulinformationforserver
managersandthemediaActingontheseupdates
increasesyourchancesofsuccessinmigration
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
16
Chapter 4 What is the deadline for making these changes
ThechecklistofnineitemspresentedinChapter3
focusedonactionswhichservermanagerscanand
shouldtakeimmediatelyBasedontheseactionsthis
chapterdescribeshowmigrationwilltakeplaceover
severalyearsfromnowItincludessomeassumptions
LookatFigure5InitsannouncementMicrosoft
requiresCAstoterminatetheissuingofSSLcertificates
(end-entitycertificates)andintermediatecertificates
usingSHA-1bytheendof2015andalsotodiscontinue
theuseofthesecertificatesInresponsemanyCAs
includingSymantechaveannouncedthesamepolicyin
ordertomigratetoSHA-2certificates
ToensureasmoothmigrationtoSHA-2Symantec
hasannouncedascheduleforsequentialtermination
ofSHA-1certificatesalongwithpromotionofSHA-2
certificates9
Figure 5 Example of migration timeline for corporate server managersThis timeline shows an example of general SSL certificate migration based on the market trend as of the creation date This does not indicate Symantecs migration plan
2010 2011 2012 2013 2014 2015 2016 2017
Maximum period of validity of certificates with RSA 1024 bit keys
Adjustmentdiffusion period of SHA-2 for general web servers and browsers
Adjustmentdiffusion period of SHA-2 for all applications and devices which conduct SSL communication
Issue renew and reissue of SHA-1 certificates
Maximum period of validity of SHA-1 certificates
New issuance of certificates with 2048 bit keys and the maximum period of validity
New issuance of certificates using SHA-2 and the maximum period of validity
Adjustment for SHA-2 testing period
Certificates (conventional specification)
Certificates (new specification)
Testingadjustment period
(Reference) Supporting period of SHA-1 on Microsoft Windows (as of today)
STOPSTOP
STOPSTOP
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
17
Required actions
Table11showstheactionsthatneedtobetaken
toenableSSLTLScommunicationbetweenclients
browsersandserversWebsitemanagersandbrowser
vendorsusingSHA-1mustcompletemigrationtoSHA-2
inapproximatelytwoyearsItisnottooearlytostart
budgetingandplanningforthemigrationincludingany
testing
Consider introducing Elliptic Curve Cryptography (ECC) to improve website response
EllipticCurveCryptography(ECC)isatechnologythat
improvessecurityusingasmallercryptographickey
lengthincomparisontoRSAapublickeycryptosystem
TheECCcertificatesSymanteclaunchedin2013meet
MicrosoftrequirementsforSHA-2employedwiththe
hashalgorithmTheyalsorealisetheencryptionstrength
with128-bitequivalentsafetyof128bit10
DirectorzCoLtdahostingserviceproviderconfirms
thatbyinstallingECCcertificateswhichsupportSHA-
2theloadonwebserverCPUisreducedby46while
responsetimeisimprovedby7
AsanoptionforpromotingthehashalgorithmtoSHA-
2despitethelowercoveragerateforbrowsersetc
comparedtoRSAitishelpfultobeawareoftheECC
certificate-asitcanimprovewebsiteperformance
Common key cryptosystem
Finallyforthecommonkeycryptosystemitmaybe
desirabletostartoffwithpolicysettingsforalgorithms
andCiphersuitesregardingSSLTLSsettingsforserver
operationsRefertodocumentssuchasNISTmentioned
inItem4
Servicestoevaluatewebsitevulnerabilitiesareavailable
andofferobjectiveevaluationandindicationsfor
improvement
Table 11 Actions to be taken for migration to SHA-2
SHA-2 installation Termination of SHA-1 use
Website manager
- Testing SHA-2 certificates
- Installing SHA-2 certificates sequentially (by
December 31 2016 at the latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Manager of inter-system linkage using API
- Testing inter-system linkage of SHA-2
certificates
- Installing SHA-2 certificates and root
certificates (by December 31 2016 at the
latest)
- Installing SHA-2 certificates sequentially by
reissuing etc if the validity period of SHA-1
certificates expire after 2017
Browser vendors
Embedded device vendors
- Accommodating SHA-2 algorithms
- Implementing SHA-2 root certificates to
browsers and embedded devices
- Taking actions toward SHA-1 certificates by
displaying warning message etc
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
18
Chapter 5 When will the next cryptographic algorithm migration take place
SHA-2migrationhastobeaddresseddirectlyButwill
thesemigrationshappenagaininthefuture
NISTpredictsthatsomeofthealgorithmsrecognised
assufficientlysafeafter2010-suchasRSA2048bit
andSHA-224-maybeunsafeafter2030Managersof
systemsthatwillbeusedinthelong-termshouldbe
mindfulthattheywillneedtodevelopandupgradeso
thatcryptographicalgorithmscanbeusedtomaintain
securityuntiloperationsarecompletedThisisshownin
Table12
Table12Minimumequivalentsecurityrequiredfororganisations(sourcesameasTable2)
Validationperiodofsystem
Minimumrequirementofequivalentsecurityfulfilledbycryptographicalgorithmtouse
Bytheendof2010 80bit
Bytheendof2030 112bit
After2031 128bit
HashfunctionSHA-2isdesignedinasimilarwayto
SHA-1Thereforetheneedforanext-generationhash
algorithmisrecognisedNISTheldacompetitionto
scoutapotentialsubstituteforSHA-2andannounced
thatKeccackhadwonthisasSHA-3inOctober2012
NISTwillfinaliseitsspecificationaftermakingafew
finaladjustments11
AspreviouslydiscussedEllipticCurveCryptography
(ECC)isbelievedtobeeffectiveforpublickey
cryptosystems
Chapter 6 Conclusion
Undoubtedlythemigrationofcryptographicalgorithms
isamajorchallengerequiringasignificanteffortnot
onlyfromCAsbutalsofromserverbrowservendorsand
managersHoweverbyimplementingtheappropriate
measuresandensuringthecorrectchecksasmooth
migrationcanbeachievedfornowandthefuture
Asaleadingproviderofauthenticationservices
Symantecwillmakeeveryefforttoissuecertificatesand
supportyoufullyinyourmigration
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
White Paper Guide for Migrating to SHA-2 Certificates
19
For specific country offices and contact numbers please visit our website For product information in the Asia Pacific region callAustralia +61 3 9674 5500
New Zealand +64 9 9127 201
Singapore +65 6622 1638
Hong Kong +852 30 114 683
Taiwan +886 2 2162 1992
Or email ssl_sales_ausymanteccom
ssl_sales_asiasymanteccom
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher
Copyright copy 2015 Symantec Corporation All rights reserved Symantec the Symantec Logo the CheckmarkCircle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in the US and other countries Other names may be trademarks of their respective owners
SymantecSymantec Website Security Solutions Pty Ltd3437 St Kilda Road Melbourne3004 ABN 88 088 021 603wwwsymanteccomenaassl-certificates
NotesReference
1 CRYPTRECReport2012ReportoftheCryptographicOperationCommitteeJuly2013
httpwwwcryptrecgojpreportc12_sch_webpdf
2 NewPreimageAttacksAgainstReducedSHA-1
httpwwwiacrorgconferencescrypto2012slides6-3-Knellwolfpdf
3 MicrosoftRootCertificateProgram(asofJuly2014)
httpsocialtechnetmicrosoftcomwikicontentsarticles1760windows-root-certi_cate-program-
technicalrequirements-version-2-0aspx
4 HardwarewhichhasundergoneoperationverificationbySymantec
httpsknowledgeverisigncojpsupportssl-certi_cates-supportindexpage=contentampid=SO23044
5 ReportonSSLServerConfigurationSurveyIPA2012
httpwwwipagojp_les000014264pdf
7 Accesscoveragewasabout70asofJuly2014Fortestresultrefertothefollowing
httpsknowledgeverisigncojplibraryVERISIGNVSJresourcesclient-sha2eepdf
8 Accesscoverage999
httpsknowledgeverisigncomsupportssl-certificates-supportindexpage=contentampid=SO25586ampactp=search
ampviewlocale=en_USampsearchid=1418729322313
9 ScheduleofSymanteccertificatestosupportSHA-2
httpwwwsymanteccompagejspid=sha2-transition
10 SymantecECCcertificate
httpwwwsymanteccompagejspid=how-ssl-worksamptab=secTab4
11 NISTThird-RoundReportoftheSHA-3CryptographicHashAlgorithmCompetition(November2011)
httpnvlpubsnistgovnistpubsir2012NISTIR7896pdf
Disclaimer AllopinionsexpressedinthispaperarethoseofSymantecWhileusefultheydonotprovideaguaranteeofsuccessinmigration
Symantecisnotresponsibleforanylosscausedbytheapplicationofthisinformation
More Information
Adweb Technologies Pvt Ltd
Head Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SymantecTM CertificateIntelligence Center
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
OverviewFor todayrsquos enterprise SSL security is more critical ndash and more difficult tomanage ndash than ever before With network infrastructure that spans multiplegroups of servers organisational units and locations managing SSL certificatescan be a complex time-consuming process that burdens IT teams and puts a drain on resources
SSL certificates within the enterprise are frequently at odds with official policiesand procedures put in place to administer SSL security In some cases older SSLcertificates may conflict with new policies or customised exceptions are madeto meet unique business requirements In addition employees and business unitrepresentatives may lack the knowledge to abide by policies created by theircompanies All of these factors create variance across the enterprise complicating the overall management of SSL security
Regardless of the cause any uncertainty surrounding SSL certificate statusposes a risk that can have serious consequences The expiration of an unknowncertificate a missed renewal or update ndash or keeping an expired certificate on anasset ndash can create security vulnerabilities leaving enterprise networks exposedand potentially resulting in critical system downtime If a data breach occursthe costs of mitigating the damage can be expensive enterprises can face highersupport costs lower productivity and revenue and even damage to their hard-earned reputations
Quickly Take Control of Enterprise SSLAvailable exclusively to Symantectrade Managed PKI for SSL customers the Symantectrade Certificate Intelligence Center powered by Symantec helps provide a complete view of SSL security across the enterprise allowing administrators to take full control of all SSL certificates issued by any Certificate Authority By scanning and centralising data into one central repository Symantec Certificate Intelligence Center gives administrators the detailed intelligence they need to manage the enterprise SSL environment quickly and easily
Ideal for companies with more than 100 servers under management SymantecCertificate Intelligence Center also allows enterprises to automate discoverytasks and set up alerts to notify administrators when certificates expire or require maintenance With Symantec Certificate Intelligence Center automated and fullyconfigurable discovery scans cut the time taken to keep track of SSL certificate assets giving IT teams the time they need to focus on other mission-critical tasks
Symantectrade Certificate Intelligence CenterSimplify SSL Certificate Discovery and Management Across the Enterprise
Key Benefits
bull Gain Complete Visibility intoSSL EnvironmentFast certificate discovery scansprovide a complete inventoryof SSL certificates across theenterprise network
bull Maintain Business ContinuityPrevent unknown certificateexpirations and mitigateassociated risks throughconfigurable notifications andalerts
bull Minimise Management OverheadHybrid deployment modelleveraging a cloud-based serviceprovides seamless integration andthe latest features without loss ofdata collection capabilities
bull Utilise Rich ReportingCapabilitiesCreate a centralised inventory ofcertificates and sort by issuingCertificate Authority key lengthalgorithm organisation servertype and more
bull Eliminate the Need forCustom CodeManage your certificates withoutthe need for expensive customcode or lengthy PSO engagements
bull Scale to Meet the Demands ofAny NetworkScan thousands of servers spreadacross large networks quickly andeasily by leveraging a distributedarchitecture
Datasheet SSL Certificate Management
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SSL Certificate Management
Hybrid Deployment Model Offers Maximum FlexibilitySymantec Certificate Intelligence Center utilises an advanced hybrid deploymentmodel to give enterprises complete integrated control over their SSL certificatesThis model features two main components the Console and the Sensor
Hosted and delivered from Symantecrsquos cloud infrastructure the Console containsconfiguration user management permissions and other information required touse the Symantec Certificate Intelligence Center Sensors are installed at strategic points on the enterprise network and perform actions based on instructions assigned by an administrator using the Console Together these tools provide a powerful yet simple way to audit and manage all of the SSL certificates across the enterprise
Features
bull Customisable SSL Certificate DiscoverySchedule and configure how scans are performed across different parts of thenetwork while taking advantage of sensors that can scale to thousandsof servers
bull Rich Intuitive User InterfaceA best-in-class dashboard featuring easy-to-use reporting capabilities givesusers immediate access to critical data
bull Analytical ToolsUse value-added tools that act on discovered data to provide informationsuch as OCSPCRL responses forecasting calculator implementation ratingand more
Symantec Certificate Intelligence Center
Symantec certificate intelligence centerSecure cloud PlatformAPPLICATIOn LOgICCOnFIgURATIOnDISCOveRy DATARePORTIngAUDIT LOgS
SenSor functionalityDISCOveRy SCAnS AUDIT LOgSSeCURITy MODULe
mu
tual
ly a
uthen
ticated communication
HTT
PS P
ORT 443SenSor Polling the clo
ud
EntErprisE nEtwork
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom
SSL Certificate Management
bull In-Console Alerts and Email NotificationsInforms users of pending certificate expiration and other certificate lifecyclestatus to guarantee that administrators receive relevant and importantinformation on time
bull Delegation CapabilitiesAdministrators can easily delegate the deployment and management ofSymantec Certificate Intelligence Center and resulting data to the individualsthat are most appropriate to handle each task
bull Customisable User Management and Role-Based AccessManage and customise user roles or select from pre-determined rolesprovided by Symantec Certificate Intelligence Center
bull Audit Trailseasily track operations with in-Console logs that record actions taken byadministrators while Sensor-maintained audit logs record key events that aidin network troubleshooting
For more information
Adweb Technologies Pvt LtdHead Office
3093 Shree Krishna Commercial Centre 6 Udyog Nagar Off SV Road Goregaon West Mumbai 400062IndiaTelephone (+9122) 42978084
Branch Office
Level 15 Eros Corporate Tower Nehru Place New DelhiIndia ndash 110019 Telephone +91 11 6615 5362
Emailsupportadwebtechcom | visit httpsssladwebtechcom