SHA-1 Certificates Vulnerability

IMPORTANT ANNOUNCEMENT: This website was decommissioned on July 18, 2022

Posted on July 18, 2022

This site is no longer being updated with new postings. Please visit the UBC IT Status Page at https://status.it.ubc.ca for any new status updates and incident notifications. For operational status of our enterprise-level services, users can now subscribe in multiple ways that now includes push notifications:

SMS

Slack integration

Twitter

Webhooks

RSS feed

Custom Embed via Status API

You will be redirected shortly to the Status Page or follow the link below to go there now.

IMPORTANT ANNOUNCEMENT: This website will be decommissioned on July 18, 2022

Posted on June 20, 2022

The UBC IT Bulletins site will no longer be updated on July 18, 2022 and users will need to visit its replacement, the UBC IT Status Page at https://status.it.ubc.ca, where they can view or subscribe to status updates and incident notifications.

UBC IT Bulletins was kept as a legacy site in order to temporarily maintain RSS feeds and intended to provide users time to switch their subscriptions to the Status Page channels.

Before the decommission date of July 18, 2022, we recommend visitors go to https://status.it.ubc.ca to begin subscribing to the new notifications the Status Page has to offer. For our enterprise-level services, users can now subscribe in multiple ways that now include customizable push notifications:

SMS messaging

Email notifications

Webhooks

Twitter feed

A general RSS feed

Custom Slack notifications

Custom embed code via an API

SHA-1 Certificates Vulnerability

By admin on October 21, 2015

SHA-1 certificates have been identified as vulnerable for some time and most browsers have stipulated that these certificates won’t be rejected until January 1, 2017. However, based on recent research, there is a significant increase of risk in using SHA-1 certificates and it is strongly recommended to replace them with SHA-2 certificates as soon as possible.

UBC IT has contacted site owners who have SHA-1 certificates purchased through UBC IT about this advisory.

Recommendation:

If you have been delaying your X.509 certificate reissue, please complete the task now.
To generate a Certificate Signing Request (CSR), please follow this guide: https://confluence.id.ubc.ca:8443/display/ITSecurity/how+to+obtain%2C+deploy+and+verify+an+X.509+certificate
If you have existing SHA-1 certificates with a CA, please submit your CSR to your CA to have the certificates reissued as SHA-2

Links

http://arstechnica.co.uk/security/2015/10/sha1-crypto-algorithm-securing-internet-could-break-by-years-end/
https://sites.google.com/site/itstheshappening/

Questions

Please contact security@ubc.ca if you have any questions.

Current system status
and maintenance notifications

IMPORTANT ANNOUNCEMENT: This website was decommissioned on July 18, 2022

IMPORTANT ANNOUNCEMENT: This website will be decommissioned on July 18, 2022

SHA-1 Certificates Vulnerability

Search

Categories

Archives

RSS Feeds

Current system status and maintenance notifications

IMPORTANT ANNOUNCEMENT: This website was decommissioned on July 18, 2022

IMPORTANT ANNOUNCEMENT: This website will be decommissioned on July 18, 2022

SHA-1 Certificates Vulnerability

Search

Categories

Archives

RSS Feeds

Current system status
and maintenance notifications