As a means to improve internet security, SSL Certificate Authorities (CAs) and browser manufacturers (Chrome, Firefox, Explorer, etc) are retiring support for some older hashing algorithms used to sign website SSL certificates. Our CDN partner will follow suit and start retiring these algorithms by December 27, 2016. This means that customers accessing Rackspace CDN or CloudFiles CDN via HTTPS would need to ensure they are using the latest certificate bundles on their client machines.
Most users will not be affected by this, as the retirement of SHA–1 has been built into all up-to-date common web browsers. Any users who have not updated their browsers may have problems accessing CDN endpoints after this change is made. It is important to note that this will impact both Rackspace customers (those who pay us directly to host their content on the CDN) and the end users of our customers (our customers’ customers.) We recommend proactively contacting your user base to help them understand the importance of using modern web browsers, and to use this documentation to answer any questions they have regarding this change.
Those who are not sure if they are using a browser with the latest certificates can navigate to a test endpoint: https://www.akamai.com. If your browser supports SHA256, you should see a message that the negotiation was successful. If you are unable to access this website, then please read below section about updating your client browser.
You can update the certificate bundle in your browser simply by updating your browser. Google provides a free tool to check your current browser, learn more about the importance of keeping your browser up-to-date, and download the latest versions of other browser. Additionally, instructions for installing the most common browsers can be found on their websites: Chrome, FireFox, and Safari.
Certificate bundles for Internet Explorer are managed by the Windows OS, so ensure that you update the OS as well.
You can see a list of common browsers and the versions that support SHA2 (the family of hash functions that includes SHA256) here.
On December 27, 2016, our CDN partner will retire SHA–1 on their non-security hardened network. Customers who have setup Cloud Files CDN-enabled containers, and are referencing the Cloud Files HTTP CDN Domain URL with HTTPS will no longer have SHA–1 as an option. This change will not affect the Cloud Files CDN HTTPS URLs or Rackspace CDN with the Shared, SAN, or Custom SSL options.
The Rackspace Community (“Community”) is provided “AS IS” without warranty of any kind. The information on the Community sites is created by members of the Community and is intended for reference and general discussions only. Although some of the content may contain information provided by Rackspace employees, it does not represent an assessment of a particular customer environment or an assessment of any specific compliance with laws or regulations or constitute advice. We recommend that you engage additional expertise in order to further evaluate applicable requirements for your specific environment. For customer specific support issues please contact your Rackspace Support Team.READ MORE
RACKSPACE MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THE RACKSPACE OPEN CLOUD COMMUNITY SITE. RACKSPACE RESERVES THE RIGHT TO DISCONTINUE OR MAKE CHANGES TO ITS SERVICES OFFERINGS AND SPECIFICATIONS AT ANY TIME WITHOUT NOTICE. USERS MUST TAKE FULL RESPONSIBILITY FOR APPLICATION OF ANY SERVICES AND/OR PROCESSES MENTIONED IN ANY COMMUNITY DISCUSSIONS. EXCEPT AS SET FORTH IN RACKSPACE GENERAL TERMS AND CONDITIONS, CLOUD TERMS OF SERVICE AND/OR OTHER AGREEMENT YOU SIGN WITH RACKSPACE, RACKSPACE ASSUMES NO LIABILITY WHATSOEVER, AND DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO ITS SERVICES INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT.
ALTHOUGH PART OF THE COMMUNITY GENERATED CONTENT MAY EXPLAIN HOW RACKSPACE SERVICES MAY WORK WITH THIRD PARTY PRODUCTS, THE INFORMATION CONTAINED IN THE COMMUNITY DISCUSSIONS IS NOT DESIGNED TO WORK WITH ALL SCENARIOS. ANY USE OR CHANGES TO THIRD PARTY PRODUCTS AND/OR CONFIGURATIONS SHOULD BE MADE AT THE DISCRETION OF YOUR ADMINISTRATORS AND SUBJECT TO THE APPLICABLE TERMS AND CONDITIONS OF SUCH THIRD PARTY. EVEN THOUGH RACKSPACE EMPLOYEES MAY PARTICIPATE IN THE COMMUNITY DISCUSSIONS, RACKSPACE DOES NOT PROVIDE TECHNICAL SUPPORT FOR THIRD PARTY PRODUCTS, OTHER THAN SPECIFIED IN YOUR HOSTING SERVICES AGREEMENT YOU HAVE SIGNED WITH RACKSPACE AND RACKSPACE ACCEPTS NO RESPONSIBILITY FOR THIRD-PARTY PRODUCTS.READ LESS