Weak Signature Algorithmus

Why Signature Algorithms Matter

The integrity of the hash algorithm used in signing a certificate is a critical element in the security of the certificate. Weaknesses in hash algorithms can lead to situations in which attackers can obtain fraudulent certificates. As new attacks are found and improvements in available technology make attacks more feasible, the use of older algorithms is discouraged and support eventually removed.


SHA-1 based signatures are common: at the time of writing, they are seen on the majority of certificates in use. However, SHA-1 is showing its age and its use should be discouraged. When the time comes to replace your certificates, ensure a stronger signature algorithm is used. You can read more about this in the Mozilla Security Blog post on the subject.


Support for MD5 based signatures was removed in early 2012.