https://live.paloaltonetworks.com/t5/general-topics/about-sha1-when-admin-access-web-ui/m-p/70291#M40482 <P>Hi syadav,</P> <P>Thanks for your comment.</P> <P>I have read a google blog page what you suggest.</P> <P>This blog mentioned the following,</P> <P>&nbsp;</P> <DIV><STRONG>Step 2: Blocking all SHA-1 certificates</STRONG></DIV> <DIV>Starting January 1, 2017 at the latest, Chrome will completely stop supporting SHA-1 certificates. At this point, sites that have a SHA-1-based signature as part of the certificate chain (not including the self-signature on the root certificate) will trigger a fatal network error. This includes certificate chains that end in a local trust anchor as well as those that end at a public CA.</DIV> <P>&nbsp;</P> <P>The Issuer is localhost for certificate when accessing Web-UI.</P> <P>Chorme could not block SHA-1 certificate that issuer is localhost(self-generated) when accessing Web-UI after 2017. RIGHT?</P> <P>Do I understand correct it?</P> <P>&nbsp;</P> <P>Thanks</P> Tue, 05 Jan 2016 04:24:33 GMT KiCheon.Lee 2016-01-05T04:24:33Z https://live.paloaltonetworks.com/t5/general-topics/about-sha1-when-admin-access-web-ui/m-p/70164#M40464 <P>Hello,</P> <P>&nbsp;</P> <P>I knew SHA1&nbsp;is going to be expired on all internet browser in 2016.&nbsp;</P> <P>All FWs of Paloalto are using SHA1 when access Web-UI.</P> <P>I think if PA keep using it on, administrator could not access Web-UI by browser bloking.</P> <P>So It has to change from SHA1 to SHA256.</P> <P>I just want to know plan when chainging it.</P> <P>Please someone let me know it.</P> <P>&nbsp;</P> <P>If you do not have a plan for it.</P> <P>Do I have to make self-generated certificate with SHA256 and then enable "certificate for Secure Web GUI"?</P> <P>Is there another way?</P> <P>&nbsp;</P> <P>Thanks,</P> <P>KC Lee</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 31 Dec 2015 06:35:01 GMT https://live.paloaltonetworks.com/t5/general-topics/about-sha1-when-admin-access-web-ui/m-p/70164#M40464 KiCheon.Lee 2015-12-31T06:35:01Z https://live.paloaltonetworks.com/t5/general-topics/about-sha1-when-admin-access-web-ui/m-p/70216#M40472 <P>Hi KC,&nbsp;</P> <P>&nbsp;</P> <P>The deprecation of SHA-1 is completely browser dependent, though most of the major browsers (like firefox,chrome) are</P> <P>contemplating to completely block the pages secured through SHA1. Please look for official announcements from the organizations who develop these browsers to keep a track of the timeline.</P> <P>&nbsp;</P> <P>Following is a good read :</P> <P><A href="https://googleonlinesecurity.blogspot.sg/" target="_blank">https://googleonlinesecurity.blogspot.sg/</A></P> <P>&nbsp;</P> <P>As for PA ,WebGUI access or SSL decryption (forward-proxy) certificate, you can create a new certificate using a more secure&nbsp;hashing algorithm like SHA-256 which is acceptable for the browser hence would not block or through error.</P> <P>&nbsp;</P> <P>Hope this helps !</P> Mon, 04 Jan 2016 14:04:05 GMT https://live.paloaltonetworks.com/t5/general-topics/about-sha1-when-admin-access-web-ui/m-p/70216#M40472 syadav 2016-01-04T14:04:05Z https://live.paloaltonetworks.com/t5/general-topics/about-sha1-when-admin-access-web-ui/m-p/70291#M40482 <P>Hi syadav,</P> <P>Thanks for your comment.</P> <P>I have read a google blog page what you suggest.</P> <P>This blog mentioned the following,</P> <P>&nbsp;</P> <DIV><STRONG>Step 2: Blocking all SHA-1 certificates</STRONG></DIV> <DIV>Starting January 1, 2017 at the latest, Chrome will completely stop supporting SHA-1 certificates. At this point, sites that have a SHA-1-based signature as part of the certificate chain (not including the self-signature on the root certificate) will trigger a fatal network error. This includes certificate chains that end in a local trust anchor as well as those that end at a public CA.</DIV> <P>&nbsp;</P> <P>The Issuer is localhost for certificate when accessing Web-UI.</P> <P>Chorme could not block SHA-1 certificate that issuer is localhost(self-generated) when accessing Web-UI after 2017. RIGHT?</P> <P>Do I understand correct it?</P> <P>&nbsp;</P> <P>Thanks</P> Tue, 05 Jan 2016 04:24:33 GMT https://live.paloaltonetworks.com/t5/general-topics/about-sha1-when-admin-access-web-ui/m-p/70291#M40482 KiCheon.Lee 2016-01-05T04:24:33Z