Important Update : Changes to SHA256 Certificate Hashing Algorithm

Important Update : Changes to SHA256 Certificate Hashing Algorithm

Zane Lucas

We recently identified an issue affecting some of our customers regarding the hashing algorithm used in our TLS SSL Certificates. We want to provide you with a clear explanation of the situation and the steps being taken to resolve it.

UPDATE JUNE 18, 2025 09:30 UTC : Trustico® branded SSL Certificates have now been reverted to use the SHA256 hashing algorithm. Affected customers can reissue if needed.

UPDATE JUNE 17, 2025 21:15 UTC : Within the next 24 hours newly issued Trustico® branded SSL Certificates will be reverted to use the SHA256 hashing algorithm ahead of the official Sectigo® scheduled maintenance. Please watch this page for updates and then reissue your Trustico® branded SSL Certificate if you require a SHA256 hashing algorithm.

The SHA384 Issue

We've discovered compatibility problems with SHA384 hashing algorithm being used in our leaf SSL Certificates (the actual TLS SSL Certificates deployed on servers).

While SHA384 is technically more secure than SHA256, it has unfortunately caused unexpected compatibility issues with certain systems and devices.

This issue went largely undetected during initial testing because SHA384 has been successfully used with 3K RSA keys for some time without apparent problems.

However, as we expanded this implementation to mass SSL Certificate issuance, compatibility issues began to surface across various client environments.

Official Response from Sectigo® Certificate Authority (CA)

Sectigo® has acknowledged this issue and is taking immediate action. Here is their official statement :

Upcoming Change : SHA-256 to be Used for New TLS Certificates Starting June 23 🔗

In summary, Sectigo® has scheduled maintenance to change the default issuance algorithm back to SHA256 on Monday June 23, 2025, at 13:00 UTC. This change will ensure broader compatibility while maintaining strong security standards.

What This Means for You

If you've experienced any SSL Certificate related issues recently, this change should resolve them. After Monday's update, newly issued SSL Certificates will use the SHA256 algorithm by default, which has proven to be both secure and widely compatible across systems.

For customers with existing SHA384 SSL Certificates experiencing issues, please contact us to discuss reissuance options.

We apologize for any inconvenience this may have caused and appreciate your understanding as we work with our suppliers to maintain the highest standards of security while ensuring compatibility across all platforms.

Back to Blog

Most Popular Questions

Understand the recent SHA256 hashing algorithm changes affecting Trustico® branded SSL Certificates and learn how to reissue your SSL Certificate if needed.

What Happened with the SHA384 Hashing Algorithm for Trustico® SSL Certificates?

Trustico® identified compatibility issues with SHA384 hashing algorithm used in some SSL Certificates. While SHA384 is technically more secure, it caused unexpected compatibility problems with certain systems and devices. As of June 18, 2025, all Trustico® branded SSL Certificates have been reverted to use the SHA256 hashing algorithm.

Does the SSL Certificate Need Reissuing After the SHA256 Change?

If you experienced compatibility issues with your SSL Certificate, you can now reissue it to obtain a new SSL Certificate using the SHA256 hashing algorithm. Reissuance is available for affected customers through the Trustico® account management system.

Does SHA256 Provide Enough Security for the SSL Certificate?

Yes, SHA256 is both highly secure and widely compatible across all platforms and devices. Trustico® and Sectigo® have confirmed that SHA256 maintains strong security standards while ensuring broader compatibility than SHA384.

When Did Sectigo® Change the Default Hashing Algorithm Back with SHA256?

Sectigo® scheduled maintenance for Monday June 23, 2025, at 13:00 UTC to change the default issuance algorithm back to SHA256. However, Trustico® branded SSL Certificates were reverted earlier on June 18, 2025.

Stay Updated - Our RSS Feed

There's never a reason to miss a post! Subscribe to our Atom/RSS feed and get instant notifications when we publish new articles about SSL Certificates, security updates, and news. Use your favorite RSS reader or news aggregator.

Subscribe via RSS/Atom