[openssl-users] Rejecting SHA-1 certificates
rsalz at akamai.com
Tue Jul 11 21:44:31 UTC 2017
> It's very well worth the effort, otherwise there's a security issue, because certificates can be forged.
No they cannot.
What *has* been done is a document was created with "weak spots" and another document was created that changed those weak spots, but the digest was the same.
This is a long long long way from creating two certificates with the same digest (and therefore the same signature).
More information about the openssl-users