Should I trust a website which uses a SHA-1 HTTPS certificate?

It's a bad sign, but it is still very unlikely that the connection is being eavesdropped on.

The website appears to have a valid certificate signed by a certificate authority, but it is signed with a weak and obsolete hash algorithm.

What does that mean?

It means the connection is encrypted and a passive eavesdropper still cannot listen in. But a determined attacker with access to lots of processing power could generate a fake certificate for this website and use it to impersonate the website. So it is possible you aren't actually on the website you think you are, but are instead on one controlled by a hacker. But such an attack would require quite a lot of resources and would additionally require being in control of a router between you and the website.

But even when we assume that no attack is taking place, we should keep in mind what impression this makes. SHA-1 has been obsolete for quite a while now. When the admins of that site still do not bother to update, that's quite a bad sign for their general competence. It could mean that they are also quite lax regarding other aspects of the security of their website. The final decision about what information you provide them with is yours to make.


As others have said, technically the risk is small for a MITM attack. However, this has a larger problem and implication.

Should I go ahead and enter my card details and pay for something on this site?

NO, YOU SHOULD NOT USE THIS SITE FOR A CARD TRANSACTION

The SSL issue is, as stated by others, relatively minor; however, using a SHA-1 hash means two very important things.

  1. They have not followed PCI DSS best practices. Using SHA-1 in signing certificates, or in the encryption itself, is not recommended, and has to have an exception made for it during an AVS (Automated Vulnerability Scan). Meaning that, the last time they did a PCI scan, they had to go out of their way to pass because they were not following a best practice. SHA-1 hashes can only be used in some circumstances, and only to support legacy setups. You must always support another hash. Because you're using Windows 10 you support the newer hashes; they are not.
  2. If they can't be bothered to do this very simple, easy, and required certification, then they simply don't care enough about the security of your credit card for you to trust them with it.

Important notes:

  • I help clients with PCI compliance all the time. It's fairly straightforward and simple. It takes "some time", but it's a very small investment if you're going to handle cards (maybe 2-3 days with 1-2 hours a day, after a big push of 4 hours on the first day, the first time around, which is mostly reading the rules, for the lowest level of PCI compliance).
  • In no way is a PCI compliance sticker an "I am un-hackable" label. It only means that you did a minimum set of things to attempt to protect card data. In many ways it's not even "enough"; it's more of a starting point.
  • There are different levels of PCI compliance, but the lowest levels (for sites that hand off the transaction to a third party like PayPal to do the actual data collection and processing) still cannot use a SHA-1 SSL cert by itself.
  • All payment gateways (like PayPal) that I am aware of that let you pass in transaction details (not just a buy now button) require you to be at the lowest level of PCI compliance.

Note: when writing this answer, and with comments, significant changes to the answer needed to be made. In short, the use of SHA-1 hashes in a PCI compliant setting is very obscure, and relies on a mesh of different rules to allow it. While not currently outright forbidden in current PCI-DSS setups, it soon will be. Currently it is allowed only through a combination of clauses meant to support odd/old client (browser) configurations. Most notably the "Older SSL" clauses that allow for insecure SSL setups with other means of security in order to support older (think IE6) browsers. This answer has changed a lot to reflect this. The notes below are from the original answer, but show, IMO, an important process.

Note: after some research, this answer, based mostly on the fact that they didn't bother to do the PCI audit at all, is largely wrong. They could have completed the PCI audit. That being said, the general idea is still true. If they "worked around" the SHA-1 issue instead of just updating to "something else", then my opinion stands. Keep in mind that allowing SHA-1 is supposed to be for "aging, old, and legacy" systems and not as an ongoing practice. You now (today) have to have a migration plan in place even to pass the audit.

More notes: I will have to address this and clean up this answer, but according to "the docs" there are some general rules. First, older sites can still offer SHA-1 as an encryption or signing option, but only if other, stronger options are available too. New sites cannot offer SHA-1 at all. Any sites using SHA-1 must have a migration plan. (AVS should auto-fail, but you can get an exception.) Lastly, there is a clear cutoff date for SHA-1 (though it can be moved, yet again).


It means that the certificate used by the site is using an outdated signature algorithm to confirm the certificate identity. Google has been aggressively targeting SHA-1 signatures for site certificates for a couple of years, since there are some theoretical attacks which could result in a fraudulent certificate having a valid signature, although there has not been any evidence of this happening in the wild. Furthermore, the method of attack would require significant effort, and is unlikely to be profitable for anything other than really high value targets.

The main reason for the warnings is to encourage web site owners to update to more secure signing methods, which are usually available for free or at low cost from their certificate providers, but offer longer-term protection as computer technology improves - this process took 16 years in the case of MD5, the predecessor to SHA-1. The certificate itself is no weaker than any other - in fact, it is technically possible for a single certificate to be signed by both SHA-1 and SHA-256 methods. There may be other weaknesses in the certificate, but it's not possible to see from the screenshots provided.

Overall, it suggests a slightly shoddy approach to security of the site, but doesn't itself mean that your card details are likely to be stolen in transit. It may be worth contacting the company pointing out this error, and suggesting they update the certificate, especially if you need to make purchases from there regularly.

Also, see https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1 for some more details on this.
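The first and third answers above both describe the same thing: the browser is warning about the hash used in the certificate's signature, not about the encryption of the session. The following is an added example, written for this page and not taken from any of the answers, that shows how to check that signature algorithm yourself without third-party libraries. It walks the DER encoding of an X.509 certificate, reads the algorithm OID from both the outer signatureAlgorithm field and the signature field inside tbsCertificate (RFC 5280 section 4.1.2.3 requires the two to be identical), and classifies it as weak (MD2/MD5/SHA-1), acceptable, or unknown. The build_skeleton_cert helper and the inputs it produces are constructed for the demonstration and are not valid certificates; assess_server is the only function that touches the network and uses the standard library's ssl module.

```python
"""Check which hash an X.509 certificate's signature uses (stdlib only).

Added example: the DER walker reads just enough of the certificate to find
the two AlgorithmIdentifier fields; everything else is skipped.
"""
from __future__ import annotations

# Signature-algorithm OIDs from RFC 3279 / RFC 4055 / RFC 5758 / RFC 8410.
WEAK_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}
STRONG_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.113549.1.1.10": "RSASSA-PSS",  # hash lives in the parameters
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
    "1.3.101.112": "Ed25519",
}


def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(value: bytes) -> str:
    """Turn the content octets of an OBJECT IDENTIFIER into dotted form."""
    first = value[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    acc = 0
    for b in value[1:]:  # base-128, high bit set on all but the last octet
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def _algorithm_oid(alg_id_contents: bytes) -> str:
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }."""
    tag, oid, _ = _read_tlv(alg_id_contents, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER in AlgorithmIdentifier")
    return _decode_oid(oid)


def signature_algorithms(cert_der: bytes) -> tuple[str, str]:
    """Return (tbsCertificate.signature OID, Certificate.signatureAlgorithm OID)."""
    tag, cert, _ = _read_tlv(cert_der, 0)          # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, tbs, pos = _read_tlv(cert, 0)               # tbsCertificate
    _, outer_alg, _ = _read_tlv(cert, pos)         # signatureAlgorithm
    tag, _, tpos = _read_tlv(tbs, 0)               # [0] version (optional) or serialNumber
    if tag == 0xA0:
        _, _, tpos = _read_tlv(tbs, tpos)          # serialNumber
    _, inner_alg, _ = _read_tlv(tbs, tpos)         # signature AlgorithmIdentifier
    return _algorithm_oid(inner_alg), _algorithm_oid(outer_alg)


def assess(cert_der: bytes) -> dict:
    """Classify the signature hash and flag inner/outer algorithm mismatch."""
    inner, outer = signature_algorithms(cert_der)
    if outer in WEAK_SIGNATURE_OIDS:
        verdict, name = "weak", WEAK_SIGNATURE_OIDS[outer]
    elif outer in STRONG_SIGNATURE_OIDS:
        verdict, name = "ok", STRONG_SIGNATURE_OIDS[outer]
    else:
        verdict, name = "unknown", outer
    return {"algorithm": name, "oid": outer, "verdict": verdict,
            "consistent": inner == outer}  # RFC 5280 4.1.2.3 requires equality


def assess_server(host: str, port: int = 443) -> dict:
    """Fetch the leaf certificate a live server presents and assess it (needs network)."""
    import ssl
    pem = ssl.get_server_certificate((host, port))
    return assess(ssl.PEM_cert_to_DER_cert(pem))


# --- constructed test input below: a skeleton, NOT a valid certificate ---
def _der(tag: int, content: bytes) -> bytes:
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + content


def _encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def build_skeleton_cert(sig_oid: str, outer_oid: str | None = None) -> bytes:
    """Constructed DER Certificate holding only version, serial and the two
    AlgorithmIdentifiers (NULL parameters) plus an empty signature value."""
    alg = lambda o: _der(0x30, _der(0x06, _encode_oid(o)) + b"\x05\x00")
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + alg(sig_oid))
    return _der(0x30, tbs + alg(outer_oid or sig_oid) + _der(0x03, b"\x00"))


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11", "1.2.840.10045.4.3.2"):
        print(assess(build_skeleton_cert(oid)))
```

assess_server only sees the leaf certificate the server sends, so run the same check on every intermediate in the chain as well; a SHA-1 self-signature on a root already in the browser's trust store, on the other hand, is harmless, because trust anchors are trusted by identity rather than by verifying their signature. For RSASSA-PSS the hash is carried in the parameters, which this walker does not decode.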