สุรศักดิ์ ซีไอเอส²พี

Thailand's first ever root CA, the first ever SHA-512 on the web!?

Discussion created by สุรศักดิ์ ซีไอเอส²พี on Jan 29, 2017
Latest reply on Jan 30, 2017 by Rob_T

Thailand National Root Certification Authority - G1, the first ever Thai root CA has recently made its way into the Windows Certificate Store resulting in IE/Edge and Chrome as well as plenty others relying on the same store to trust certificates signed by its intermediate, the Thai Digital ID CA G2. One notable feature of these new certificates is that their signatures are signed with the hashing algorithm SHA-512! This is the first time I've ever seen SHA-512 on the web. I wonder what compatibility issues there might be for using such a high strength hashing algorithm to sign and issue new SSL certificates to use on the web when the highest has only been SHA-256 for websites and SHA-384 for CA's.

 

Currently, the Thai Digital ID CA G2 appears to have only two customers, one is its own, https://www.thaidigitalid.com/, and the other is https://mywealth.awam.co.th/.

Outcomes