The Dangers of Keeping SHA-1 Certificates in Your Internal PKI

December 15, 2020 | Anastasios Arampatzis

Using old security certificates to protect your business data is like riding a horse-drawn carriage on the freeway: outdated and downright dangerous.

After 25 years of faithful service and warnings of vulnerability, SHA-1 hashing is now fully and practically broken—thanks to a team of researchers who developed a chosen-prefix collision to exploit the hash function.

Experts had been flagging SHA-1 as "officially insecure" since as far back as 2010, prompting the U.S. National Institute of Standards and Technology to ban the use of SHA-1 across all federal agencies. But it was not until 2015, when a group of cryptographers demonstrated a new way to break SHA-1, that everyone in the infosec domain was convinced of how low the barrier to attacking SHA-1 had become. Since then, multiple research teams have come forward with their own proofs of concept, such as the SHAppening and SHAttered, that have established SHA-1 as insecure.

The above experiments demonstrated that one of the many reasons SHA-1 has become obsolete is that it produces a 20-byte (160-bit) hash which can be reversed or duplicated. After all major browsers fully deprecated SHA-1 in 2017, organizations were forced to replace all external SHA-1 certificates, but the process has not been as thorough for internal SHA-1 certificates. Because of this weakness, companies like Microsoft and Apple also imposed mandatory OS updates to phase out SHA-1 and remove the danger its vulnerabilities posed to their users.

If your organization uses an internal Public Key Infrastructure that still relies on SHA-1, the risk of cyberattack grows by orders of magnitude. A PKI system's entire functionality depends on the strength of its cryptographic hash, because it uses hashes to verify digital fingerprints and to confirm the approval of the signing parties.

But if the PKI relies on an insecure cryptographic hash like SHA-1, hackers who have penetrated your perimeter can forge your digital fingerprints to carry out man-in-the-middle attacks or steal confidential data from right under your nose.

SHA-2 offers the only secure alternative

SHA-2 is an evolved version of the SHA-1 function: it offers a more complex hash construction and longer digests. For example, while SHA-1 is a 160-bit hash, SHA-2 is a family of hashes with a range of output lengths.

Although the basic function of SHA-2 works the same way as SHA-1—with the stated purpose of offering an unbreakable cryptographic hash—SHA-2 is designed to overcome the threats found in SHA-1. By design, SHA-2 is a collision-resistant cryptographic hash that comes with improved security.

Sometimes, when trying to understand SHA-2 better, you end up more confused. That is because different people refer to SHA-2 in different ways. But don't get caught up in the nuances of its many names. Just know that whether you see SHA-256, SHA-256 bit, SHA-224, SHA-384, or SHA-512, they all mean SHA-2 or one of its alternate bit-lengths.

Avoid the dangers by moving from SHA-1 to SHA-2

First, let’s understand what happens if you still haven’t made the transition from using the SHA-1 hash function. Since all major web browser vendors like Apple, Microsoft, Google, and Mozilla have moved their applications to SHA-2 hash functions, these browsers will prevent people from accessing your website if they encounter a public SHA-1 digital certificate.

But you still need to counter the substantial risk from internal SHA-1 connections. To avoid situations like this, you must move your existing internal SHA-1-based PKI to SHA-2 urgently. Obviously, this is easier said than done. For starters, depending on your PKI structure (two-tier PKI or single-tree PKI), you will have to choose from multiple SHA-1 to SHA-2 PKI migration models, such as:

  • Two PKI trees, one all SHA-1, one all SHA-2
  • The entire PKI tree from root to endpoints is all SHA-1
  • The entire PKI tree from root to endpoints is all SHA-2
  • SHA-1 root, SHA-2 issuing CAs, SHA-2 endpoint certificates
  • SHA-1 root, SHA-2 issuing CAs, SHA-1 endpoint certificates
  • SHA-1 root, both SHA-1 and SHA-2 issuing CAs, with SHA-1 and SHA-2 endpoint certificates
  • SHA-2 root, SHA-1 issuing CAs, SHA-1 endpoint certificates
  • SHA-2 root, SHA-2 issuing CAs, SHA-1 endpoint certificates
  • SHA-2 root, both SHA-1 and SHA-2 issuing CAs, with SHA-1 and SHA-2 endpoint certificates
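Whichever model you are in today, the first step is an inventory of which hash each certificate in the chain (root, issuing CA, endpoint) is actually signed with. The example below is added here and is not code from the original post or from Venafi's products: it reads the signatureAlgorithm OID from a DER-encoded certificate using only the Python standard library, and the sample certificates it classifies are constructed stand-ins, not real certificates.

```python
"""Inventory helper: flag DER certificates whose signatureAlgorithm is SHA-1 based."""
# Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
# Signature-algorithm OIDs from RFC 3279 / RFC 4055 / RFC 5758; extend as needed.
SHA1_OIDS = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
             "1.2.840.10045.4.1": "ecdsa-with-SHA1"}
SHA2_OIDS = {"1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
             "1.2.840.10045.4.3.2": "ecdsa-with-SHA256"}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode OBJECT IDENTIFIER content bytes to dotted-decimal text."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                    # base-128 arcs, high bit set except on last byte
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der_cert):
    """Dotted OID of the outer signatureAlgorithm, i.e. the hash the issuer signed with."""
    _, cert, _ = read_tlv(der_cert, 0)   # outer Certificate SEQUENCE
    _, _, pos = read_tlv(cert, 0)        # skip tbsCertificate
    _, alg_id, _ = read_tlv(cert, pos)   # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OBJECT IDENTIFIER")
    return decode_oid(oid)

def classify(der_cert):
    """'replace' for SHA-1 signatures, 'ok' for SHA-2, 'review' for anything unlisted."""
    oid = signature_algorithm(der_cert)
    if oid in SHA1_OIDS:
        return "replace", SHA1_OIDS[oid]
    return ("ok", SHA2_OIDS[oid]) if oid in SHA2_OIDS else ("review", oid)

def sample_cert(alg_id_hex):
    """Constructed stand-in (not a real cert): dummy tbsCertificate, genuine AlgorithmIdentifier, 256-byte zero signature so the outer length is long-form."""
    body = bytes.fromhex("3003020101") + bytes.fromhex(alg_id_hex)
    body += b"\x03\x82\x01\x01\x00" + b"\x00" * 256
    return b"\x30\x82" + len(body).to_bytes(2, "big") + body

SHA1_RSA = "300d06092a864886f70d0101050500"    # sha1WithRSAEncryption, NULL params
SHA256_RSA = "300d06092a864886f70d01010b0500"  # sha256WithRSAEncryption, NULL params
ECDSA_SHA256 = "300a06082a8648ce3d040302"      # ecdsa-with-SHA256, no params
```

Run `classify()` over every certificate exported from your CAs and endpoints; anything tagged "replace" tells you which tier of the models above still depends on SHA-1.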

NOTE: Venafi can simplify this process substantially, finding and replacing large groups of certificates by attribute. You also have the option of deciding how to set up the PKI, what key size to use, and what hash is best for you.

When you design your plan to migrate to a SHA-2-capable PKI, we recommend setting a well-defined end-of-life for your existing legacy PKI hierarchy and designing a second PKI hierarchy that uses the updated hash algorithms and key lengths. The benefit of this approach is that you can issue new certificates to replace old ones from the very beginning while keeping full control over the migration process.

To avoid any hassles in your migration, make sure that all your endpoints trust your new root CA while they are still certified by the old one. Eventually, once the new PKI hierarchy has taken over all your devices and applications, you can initiate the deprecation of the old PKI.


Cryptographic events like the SHA-1 deprecation underline the importance of crypto-agility. To be agile, you need a deep understanding of your certificates and hash functions, and of the infrastructure and data they protect. Visibility into your PKI is the foundation of effective lifecycle management. The Venafi Trust Protection Platform can help you and your business be crypto-agile.


About the author

Anastasios Arampatzis

Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years of experience in evaluating cybersecurity and managing IT projects. He works as an informatics instructor at AKMI Educational Institute, while his interests include exploring the human side of cybersecurity.
