SSL certificate migration to SHA-2

What do I do to migrate my cert to SHA-2?

First of all - this is only relevant and important for activated certificates. If your certificate is signed with the SHA-1 algorithm, we strongly recommend updating it to SHA-2. To update an SHA-1 signed certificate (Comodo certificates issued before May 7, 2014) to SHA-2 algorithm, all you need to do is perform a reissue under your account. To check which hashing algorithm your certificate has, you can use this tool.


One of the most important parts of an SSL Certificate's security is the signature algorithm. For the last several years, SHA-1 (Secure Hash Algorithm) has been the most widely used algorithm. Back in 2004, SHA-1 stepped in to replace MD5, which has been found to be vulnerable and insecure. Security services are improving along with other technologies, and now it's time for another change.

Even though the SHA-1 algorithm is still widely used, two of the biggest players in the web community - Microsoft and Google - have decided it's time to change the SHA-1 algorithm, just as you would replace an old tire before it actually breaks up on the road. The next step forward is the SHA-2 algorithm.

Starting November 6, 2014, all certificates obtained from are signed with SHA-2 algorithm by default.

Certificates signed with SHA-1 will still be in use until December 31, 2015, though they might show an informative notification in Google Chrome browser (after version 39) and some other modern browsers.

What do I do if I still need a SHA-1 signed certificate?

If you have a certificate signed with the SHA-2 algorithm, and for some reason you wish it to be updated to SHA-1, you can do this free of charge using a reissuance process. Please contact our Support Team before initiating a reissue. 

Reissue to SHA-1 can be done only for certificates that expire before January 1, 2016. As of this date, SHA-1 signed certificates will not be issued anymore.

CA Bundles:

As both public certs and intermediate certs are updated to the SHA-2 algorithm, the Certificate Authorities have created new chain files to be used with the updated certificates. These files include intermediate certificates signed with the SHA-2 algorithm. To make sure you have an up-to-date chain file, for your certificate not to throw any warnings, check out our CA Bundle archive.