Knowledgebase

SHA-2 server and browser compatibility

In the nearest future all trusted certificates within the industry will be signed with the SHA-2 signature algorithm only, as the certificates signed with SHA-1 are considered to be vulnerable. The full transition to SHA-2 is already applied to the certificates we offer. It is time to check whether the software you are using is compatible with SHA-2. The new and updated versions of the software are released by vendors to satisfy the new security standards. Below we provided the list of the SHA-2 compatible servers, browsers and Operating Systems. We used various sources for the list creation, but we cannot guarantee that all the data provided below is accurate. It is highly recommended to research your software solely or to inquire into the matter directly with your vendors before SHA-2 signature algorithm certificates implementation.

Operating Systems

Browsers

Servers

Android 2.3+

Adobe Acrobat/Reader 7

Apache server with OpenSSL 0.9.8o+

Apache 2.x or higher, with OpenSSL 1.1.x or higher *

Apple iOS 3.0+

Blackberry 5+

Cisco ACE module software version A4(1.0)

Apple OS X 10.5+

Chrome 26+

Citrix Receiver models*

Blackberry 5.0+

Firefox 1.5+

Mac 11.8.2

ChromeOS

Internet Explorer 7+ and higher

Internet Explorer 7+ under Vista

Internet Explorer 7+ under Windows XP SP3

Windows Server 2008+

Windows Server 2003

Windows Server 2003 or XP client

Windows 7

Windows Vista

Windows Phone 7+

Windows Server 2003 SP2 +Hotfixes (Partial)

Windows Server 2003 with MS13-095 installed

Windows Server 2008, 2008 R2

Windows XP SP3+*

Java 1.4.2+ based products

IBM HTTP Server 8.5 (bundled with Domino 9)
 

Konqueror 3.5.6+

Java based servers – Java 1.4.2+
 

Mozilla 1.4+

Mozilla NSS based servers - 3.8+
 

Netscape 7.1+

OpenSSL based servers – OpenSSL 0.9.8o+
 

Opera 9.0+

Oracle WebLogic from the version 10.3.1+
 

Products based on OpenSSL 0.9.8o+

  
 

Safari from Mac OS X 10.5+

  
 

Windows Phone 7+

  

 

Servers which do not support SHA-2

Juniper SBR

IBM Domino ( * but, HTTP proxy server can handle the inbound HTTPS requests with the SHA-2 signature algorithm used)

Citrix Receiver models

Linux 13.0
IOS 5.8.3

Android 3.4.13

HTML 5 1.2

Playbook 1.0

Blackberry 2.2 / BlackBerry 1.0 Tech Preview

Cisco ACE module software versions A2 and A3
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to renew an SSL certificate

The certificate expiration date is encoded in its body and cannot be changed. To extend the secure connection, it is necessary to replace the expiring certificate on hosting server by a new one...

When can an SSL certificate be renewed?

You will be able to renew the certificate during 30 days prior to its expiration date. Also, you can do it earlier if you purchase the renewal certificate during domain renewal, please refer to...

What is a Certificate Signing Request (CSR)?

A CSR (Certificate Signing Request) is a small, encoded text file containing information about the organization and the domain you wish to secure. It is required for the activation of a digital SSL...

How to Generate CSR (Certificate Signing Request) Code

  What is a CSR? CSR code (Certificate Signing Request) is a specific code and an essential part for the SSL activation. It contains information about website name and the company contact...

Can I avoid activation process upon SSL renewal?

SSL renewal doesn't happen automatically. After purchase of the renewal Certificate you will need to follow steps similar to the ones you followed when you first generated an SSL certificate. To...