Microsoft today announced that it will start using Secure Hash Algorithm 2 (SHA-2) exclusively from May 9, 2021. All major Microsoft processes and services including TLS certificates, code signing, and file hashing will start using SHA-2 after this date. As expected, Secure Hash Algorithm 1 (SHA-1) Trusted Root Certificate Authority will expire as Microsoft won’t be updating it.
The Microsoft SHA-1 Trusted Root Certificate Authority expiration will impact SHA-1 certificates chained to the Microsoft SHA-1 Trusted Root Certificate Authority only. Manually installed enterprise or self-signed SHA-1 certificates will not be impacted; however we strongly encourage your organization to move to SHA-2 if you have not done so already.