Symantec SSL Certificates

SHA-1 SSL certificate using Symantec's Private CA technology…

$995 /yearly

Buy/Renew Now

Not supported by current browsers     Supports SHA-1 (beyond 2017)     Secures legacy device and application communication

In coordination with Symantec we’re now offering a SHA-1 SSL certificate utilizing Private CA hierarchies (VeriSign PCA3-G1/G2 Root CA’s) which allows you to support legacy devices or systems (such as Citrix Gateway) that require a SHA-1 certificate. Please note that SHA-1 SSL certificates issued from these hierarchies are not designed to work with modern browsers.

Symantec Private CA Hierarchy Properties

  • Checked OffSymantec SHA-1 Private SSL is a Business Organization Validated Certificate
  • Checked OffDoes not support non-FQDNs, internal server names, or private domains
  • Checked OffVeriSign PCA3-G2 and Verisign PCA3-G1 roots only
  • Checked OffSupports 2048bit key length only
  • Checked OffOnly supports public IP addresses (no private IP addresses)
  • Checked OffRequires organization authentication & domain authorization/ownership

In order to comply with CA/Browser Forum requirements, Symantec stopped issuing SHA-1 signed SSL/TLS certificates as of January 1, 2016. Additionally, over the past year Symantec has repeatedly encouraged SHA-1 customers to migrate to SHA-256 (SHA-2) to better secure websites, intranet communications, and applications.

However for customers who run old legacy systems, the migration to SHA-2 can sometimes be very tricky and require extensive upgrades. Issuing any SSL/TLS certificate off of the Private CA hierarchies (VeriSign PCA3-G1/G2 Root CA) will allow you and your customers to support legacy devices and/or systems that require a SHA-1 certificate.

SHA-1 Education Around the Web

Globalsign // The End of SHA-1 for SSL Is Here – Are You Ready?
Google // The Chromium Blog, "Gradually Sunsetting SHA-1"
Qualys Blog // SHA1 Deprecation: What You Need to Know