[openssl-users] Rejecting SHA-1 certificates

Salz, Rich rsalz at akamai.com
Tue Jul 11 21:44:31 UTC 2017

> It's very well worth the effort, otherwise there's a security issue, because certificates can be forged.

No they cannot.

What *has* been done is a document was created with "weak spots" and another document was created that  changed those weak spots, but the digest was the same.

This is a long long long way from creating two certificates with the same digest (and therefore the same signature).

More information about the openssl-users mailing list