Has anyone figured out if we should expect a flood of customer calls on January 1 related to deprecation of SHA-1 certificates?

I keep seeing articles predicting Internet doomsday on January 1, 2016. But it looks to me like that's just the date CA's stop issuing new SHA-1 certs and browsers will not accept SHA-1 certs ISSUED after January 1, which shouldn't happen anyway. And that January 1, 2017 (or possibly earlier) is when OS and browser vendors may stop accepting older SHA-1 certs.

So wouldn't that be the date when we start getting customer calls, not January 1?

Of course, I'm making the assumption that if a site that used to work now gets an error message, customers will call us assuming "the tower is down" or "my ISP is blocking sites". Who else are they going to call? Google? Microsoft? The site owner who didn't get an updated cert?

https://googleonlinesecurity.blogspot.ro/2015/12/an-update-on-sha-1-certificates-in.html

Reply via email to