In light of recent research which contends that the SHA-1 hashing algorithm could be more vulnerable to attack than was previously thought, both Microsoft and Mozilla have begun discussions to bring forward the date when their browsers will reject SHA-1 based SSL/TLS certificates.
Although not yet confirmed, Mozilla is considering rejecting SHA-1 certificates after July 1st 2016, while Microsoft may start to reject them after the slightly earlier date of June 2016. If these plans become policy, then Firefox and Internet Explorer/Edge will show error messages whenever they encounter a SHA-1 certificate after the new dates. The previous deadline was January 1st 2017 as explained in our advisories here and here.
We anticipate Google may announce a similar timeline for their Chrome Browser soon. Because of this, we strongly recommend customers replace any SHA-1 SSL/TLS certificates on their websites, free of charge, with a SHA-2 version no later than May 31st 2016.
The following table summarizes the proposed new dates when the major browsers will cease to trust SHA-1 signed SSL/TLS certificates:
Mozilla blog: https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/
Microsoft blog: https://blogs.windows.com/msedgedev/2015/11/04/sha-1-deprecation-update/
Readers should consider all dates as subject to change pending further review from Microsoft, Google and Mozilla.
How do I know if I am affected?
Enter your domain in our certificate checker at https://sslanalyzer.comodoca.com/. The ‘signature’ row will tell you if you have a SHA-1 certificate. If so, please get a free SHA-2 replacement from Comodo before May 31st 2016. If your certificate expires before May 31st then you are free to let it expire as normal, but we advise you get a SHA-2 replacement at the earliest opportunity anyway to ensure the highest levels of protection for your visitors.
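The same check can be scripted by reading the signature algorithm OID from the certificate itself. The following is an added example, not Comodo's code or part of the original advisory: the function names are hypothetical, and the two sample inputs are constructed certificate-shaped DER skeletons rather than real certificates.

```python
import ssl

# Signature algorithm OIDs mapped to (name, hash family).
SIG_ALGS = {
    "1.2.840.113549.1.1.5":  ("sha1WithRSAEncryption", "SHA-1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "SHA-2"),
    "1.2.840.10045.4.1":     ("ecdsa-with-SHA1", "SHA-1"),
    "1.2.840.10045.4.3.2":   ("ecdsa-with-SHA256", "SHA-2"),
}

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _oid(body):
    """Decode DER OID content bytes into dotted-decimal notation."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Return (oid, name, family) for the outer signatureAlgorithm of a DER cert."""
    _, start, _ = _tlv(der, 0)            # Certificate SEQUENCE
    _, _, tbs_end = _tlv(der, start)      # skip over tbsCertificate
    _, alg_start, _ = _tlv(der, tbs_end)  # signatureAlgorithm SEQUENCE
    tag, o_start, o_end = _tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    oid = _oid(der[o_start:o_end])
    return (oid,) + SIG_ALGS.get(oid, ("unknown", "unknown"))

def check_host(host, port=443):  # fetches the leaf certificate over the network
    pem = ssl.get_server_certificate((host, port))
    return signature_algorithm(ssl.PEM_cert_to_DER_cert(pem))

def _skeleton(oid_bytes):
    """Constructed sample: certificate-shaped DER with an empty tbsCertificate."""
    alg = b"\x30" + bytes([len(oid_bytes) + 4, 0x06, len(oid_bytes)]) + oid_bytes + b"\x05\x00"
    body = b"\x30\x00" + alg + b"\x03\x01\x00"
    return b"\x30" + bytes([len(body)]) + body
SHA1_RSA, SHA256_RSA = (_skeleton(bytes.fromhex(h)) for h in ("2a864886f70d010105", "2a864886f70d01010b"))
```

`check_host("www.example.com")` applies the same classification to a live server's leaf certificate; intermediate certificates in the chain need the same check, which this example does not perform.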
How do I get a SHA-2 certificate?
Comodo offers a free certificate replacement program to all customers. To replace your SHA-1 certificate, log into your Comodo account, locate your certificate order and use the ‘Replace Certificate’ facility. Please make sure to supply a SHA-2 CSR (or select the ‘SHA-2’ option under ‘Hash Algorithm’ on the certificate order form). We will also reach out to Comodo customers and partners with SHA-1 certificates that expire after May 31st 2016 to help them obtain a replacement. More guidance can be found in this support article.
Does anything still need SHA-1?
There is a full list of operating systems, browsers and servers which support SHA-2 on the CA Security Council website here. If you have a particular piece of software that you have concerns over, we suggest contacting the software vendor to see if they have, or are planning to offer, SHA-2 support.
Comodo has a test site that uses a SHA-2 certificate. You can test software and devices against this URL to attempt to determine SHA-2 compatibility: https://sha256rsa.comodoca.com
Comodo will continue to monitor the situation and work with our customers to ensure the SHA-2 upgrade goes as smoothly as possible. If you have questions about the transition, please contact your Comodo account manager or Comodo support directly at email@example.com.
Does this affect Code-Signing certificates?
There have also been minor adjustments to Microsoft’s policy on SHA-1 code signing certificates:
Please note that although CAs MAY issue SHA-1 code-signing certificates after Jan 1st 2016, code signed (and timestamped) with a SHA-1 signature or using a SHA-1 certificate WILL NOT WORK for standard Authenticode signing for code to run on Windows 7 and upwards.
Microsoft enforcement: http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx#H1_B