For anyone who needs to worry about keeping a website up to date, now may be the time to do a little bit of housekeeping. In a blog post, Microsoft has revealed the timeline they’re taking in regards to the phasing out of SHA-1 certificates and told us that websites running with SHA-1 won’t be valid very much longer.
Starting with the arrival of the Windows 10 Anniversary update, websites with SHA-1 certificates are no longer going to have the padlock symbol in the address bar guaranteeing security. While these websites will continue to function as they always have, users will no longer have the guarantee of their safety while browsing them and may be deterred from further use.
When February of 2017 rolls around, outdated certificates will be much more of a problem. After this deadline hits, websites that are still using SHA-1 are going to be blocked outright by Microsoft Edge and Internet Explorer, letting users know that the website isn’t secure and giving users a clear warning not to continue.
Starting with the Windows 10 Anniversary Update, Microsoft Edge and Internet Explorer will no longer consider websites protected with a SHA-1 certificate as secure and will remove the address bar lock icon for these sites. These sites will continue to work, but will not be considered secure. This change will be in upcoming Windows Insider Preview builds soon, and will be deployed broadly this summer. In February 2017, both Microsoft Edge and Internet Explorer will block SHA-1 signed TLS certificates.