You may have noticed SSL warnings appearing on some Purdue websites after updating your web browser. This is because some browsers, such as Google Chrome and Mozilla Firefox, are being proactive about warning users and web developers of an upcoming change in SSL standards. The older SHA-1 algorithm used to sign SSL certificates is being retired as of January 1st, 2017 and replaced with the more secure SHA-2 algorithm. Browsers from other vendors, such as Apple Safari and Microsoft Internet Explorer, will start issuing these same warnings later this year or early next year.
Some examples of warnings that you or visitors to your sites might see are:
Google Chrome – The “https” badge will change to show a less secure connection and, if clicked, is accompanied by a warning message that reads “The site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it.”
Mozilla Firefox – As of the Firefox 36 beta, a “broken” https security badge is shown. If clicked, it provides an explanation that only some content is being encrypted (which is technically incorrect). All versions of Firefox prior to 36 will report no issues.
Please be assured, these certificates are valid and are not “out of date”. We have a replacement schedule in place to ensure that we will have all SHA-1 SSL certificates retired or replaced before January 1st, 2017. If you are the owner of a site we host with this issue and would like your certificate updated early, please contact us at firstname.lastname@example.org.
Additional information on this change is available from Google.