Microsoft expiring SHA-1 certificate at 9th May 2021 (Tomorrow)

aqua95 · May 8, 2021 at 3:39 PM

As the title says, SHA-1 certificate expires soon. This means that software signed with SHA-1 either wont longer install or you will get a warning pop-up about the digital signature. This can also be a huge problem to some Vista and 7 Windows updates, and mostly XP updates, since XP, at least the 32 bit edition, never got any SHA-2 signed updates. After the SHA-1 expiration, we might be able to stilll install software or drivers signed with SHA-1, but not SHA-1 signed Windows updates.

Any thoughts?

**videogamesm12** · May 8, 2021 at 4:09 PM

Archive it all. I suspect in a few years they will just delete these old updates and claim it's for "security reasons".

**StevenNL2000** · May 8, 2021 at 5:01 PM

You are not correct about SHA-1 Windows updates, those were already discontinued in July 2020:
https://support.microsoft.com/en-us/topic/wi…8b-139ce5c709af

The impact of this specific expiration event seems to be limited to some annoying pop-ups:
https://support.microsoft.com/en-us/topic/kb…fc-6dedef110e6b

**wild1145** · May 8, 2021 at 5:54 PM

Also worth noting this is a normal process for anything that uses TLS... Root CA's tend to be signed for anywhere from 10 to 30 years generally. Eventually those will expire and unless they are re-signed with root CA's that are trusted by devices (Which wouldn't happen for very old updates that aren't intended to be used) you'll get a warning that the certs aren't trusted in the same way a self-signed certificate would be (Though a slightly different error message).

Microsoft expiring SHA-1 certificate at 9th May 2021 (Tomorrow)

wild1145 July 16, 2022 at 11:49 PM

Users Viewing This Thread