Paul Mutton a Netcraft researcher said; “SHA-1 based certificates are about to be banned – the CA/Browser Forum governing body has ruled no new such certificates can be issued after the start of 2016, and it already bars any existing certificates that are valid beyond the end of 2017.”
Researchers believe that because of these vulnerabilities; a well financed hacker can easily impersonate an SSL site that uses a publicly trusted SHA-1 certificate. Worse still, while browsers still accept SHA-1 signatures, SSL sites remain at risk even after migrating to SHA-2: if an attacker were to compromise an intermediate CA certificate signed with SHA-1, he could generate valid certificates for arbitrary domains.
Even after all these concerns over SHA-1; the authorities has issued over 120,000 SHA-1 certificates; which Mutton found pretty shocking. But from next year onwards these authorities are forbidden from issung these SHA-1 certificates to new subscribers.
Some of the certificates issued this year has an expiration date of beyond 2017; which is very shocking because of SHA-1 is ragarded as weak and insecure from some time. The companies or owners who bought these certificates will definitely replace them after these report before their expiration date.