SSL certificate signed using SHA1

Rule from ssl under security category

What is a trooper!

we have submitted your edit to the community for review! We'll review and make it live on the site in the next few hours, the internet thanks you :).

Browse another section of the knowledge base

Suggest an edit


This rule has no content... yet.

Add content to this rule

Or just browse to view rules that have content


Certificate Authority's often issue Intermediate certificates that are used to sign and create new certificates.

All certificates along the chain of issued/signed certificates are important to keep secure and make sure they are using the latest ciphers.

This error indicates a certificates in the chain is still using a SHA1 hashing cipher. In 2017, Google announced that they had [found a collision in SHA1( Which means these hash functions are no longer seen as secure.

While SHA1 is not as totally broken and open to preimage as MD5 is now; this does mean given enough time and progression of computing power attacks could later derive the SHA1 certificates from the signature itself.

To sum up this issue:

If an intermediate or end certificate has a weak signature, then it is possible that an attacker can generate two certificates with the same signature with different encoded information (e.g. and The attacker can then ask a certificate authority to sign one of the certificate ( then copied the signature to the other certificate (

The problem with SHA1 is that it has flaws that renders it feasible for an attacker with sufficient resource to find such collisions.

How do I fix this ?

Look into issueing certificates from CA's using SHA256 (at a minimum) to hash their signatures. Many CA's offer both for compatability reasons.


Browse another section of the knowledge base

Signup icon
Ready to see how well your site scores?

Passmarked works best when you have an account. It allows you to keep a dashboard with saved data of the sites you have run through the system, we’ll alert you about important updates and you get access to the Passmarked Slack forum.

Sign up to get started