Some of our technically more advanced customers have already approached us with the friendly notice that we seem to have lost our A+ rating in the SSL test from SSLLabs.
This downgrade is due to a change in the certificate ranking that was introduced rather suddenly just recently, and should in no way be interpreted as a security downgrade of our services. We are currently in the process of renewing our certificates and should return to our A+ rating within the next few days.
Background: Google has recently made public that the Chrome web-browser will consider all SSL certificates as insecure and untrustworthy and raise an occording error message if they use the SHA-1 hash algorithm and are valid past December 31st 2016 . With this pre-announce Google has given the internet until the end of 2014 to react to this massive change.
Nevertheless, Qualys SSLLabs has reacted to this announcement by immediately downgrading all such certificates. We believe this decision to be a little bit unfortunate, because many websites aren’t even able to renew their certificates yet, because the Certificate Authority organizations (CAs) have to upgrade all their certificates first, before they can start renewing the certificates of any of their customers.
Our CA (SwissSign) is currently putting in 24/7 shifts for getting all the preparations ligned up. We are in very close contact with them and have received notice that we should be able to start the renewal process within the next few days. As soon as we have received our new certificates we expect to return to our beloved A+ rating on Qualys SSLLabs. Please bear with us as we will keep you updated here in our blog.