Important Update : Changes to SHA256 Certificate Hashing Algorithm
Share
We recently identified an issue affecting some of our customers regarding the hashing algorithm used in our TLS SSL Certificates. We want to provide you with a clear explanation of the situation and the steps being taken to resolve it.
UPDATE JUNE 18, 2025 09:30 UTC : Trustico® branded SSL Certificates have now been reverted to use the SHA256 hashing algorithm. Affected customers can reissue if needed.
UPDATE JUNE 17, 2025 21:15 UTC : Within the next 24 hours newly issued Trustico® branded SSL Certificates will be reverted to use the SHA256 hashing algorithm ahead of the official Sectigo® scheduled maintenance. Please watch this page for updates and then reissue your Trustico® branded SSL Certificate if you require a SHA256 hashing algorithm.
The SHA384 Issue
We've discovered compatibility problems with SHA384 hashing algorithm being used in our leaf SSL Certificates (the actual TLS SSL Certificates deployed on servers).
While SHA384 is technically more secure than SHA256, it has unfortunately caused unexpected compatibility issues with certain systems and devices.
This issue went largely undetected during initial testing because SHA384 has been successfully used with 3K RSA keys for some time without apparent problems.
However, as we expanded this implementation to mass SSL Certificate issuance, compatibility issues began to surface across various client environments.
Official Response from Sectigo® Certificate Authority (CA)
Sectigo® has acknowledged this issue and is taking immediate action. Here is their official statement :
Upcoming Change : SHA-256 to be Used for New TLS Certificates Starting June 23 🔗
In summary, Sectigo® has scheduled maintenance to change the default issuance algorithm back to SHA256 on Monday June 23, 2025, at 13:00 UTC. This change will ensure broader compatibility while maintaining strong security standards.
What This Means for You
If you've experienced any SSL Certificate related issues recently, this change should resolve them. After Monday's update, newly issued SSL Certificates will use the SHA256 algorithm by default, which has proven to be both secure and widely compatible across systems.
For customers with existing SHA384 SSL Certificates experiencing issues, please contact us to discuss reissuance options.
We apologize for any inconvenience this may have caused and appreciate your understanding as we work with our suppliers to maintain the highest standards of security while ensuring compatibility across all platforms.
