Recently, a number of major browser providers started making changes to their support for SHA-1 certificates in SSL, and moving to SHA-2 in response to the weaker security provided by the SHA-1 cryptographic hash algorithm. As a result, on June 1 Webtrends will complete updating its SSL certificates from SHA-1 to SHA-2.  This change impacts all Webtrends On Demand clients.

Microsoft announced their deprecation policy on SHA-1 according to which Windows will stop accepting SHA-1 certificates in SSL by 2017. Similarly, Google announced their deprecation policy on SHA-1 according to which Chrome will stop accepting SHA-1 certificates in SSL in a phased way by 2017. Mozilla is also planning to stop accepting SHA-1-based SSL certificates by 2017.

Webtrends has gradually been re-issuing its SHA-1 based SSL certificates with new SHA-2 based certificates to avoid any issues stemming from Google’s Chrome browser updates. Last November, Google started sun-setting its support for SHA-1 in its Chrome browser. The quarterly Chrome browser releases trigger “less than secure” notifications on some SSL certificates using the SHA-1 algorithm, so Webtrends has proactively moved to replace them. Read more about this at http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html.

Webtrends On Demand Access. Access to Webtrends On Demand solutions websites should not be impacted for current supported versions of browsers (Internet Explorer, Chrome, Mozilla, etc.) since they are already compliant with the security update being rolled out.  If you are on an earlier version of these browsers and have not updated in some time, we recommend updating to the latest or later versions of these browsers to benefit from up-to-date security fixes. 

Webtrends Mobile Data Collection Clients. Mobile apps using Webtrends Data Collection API may be impacted if you are using the DCAPI, and if your app developer established a dependency on the existing SHA-1 certificate and the intermediate certificate chain. To prevent any data collection disruption, update your application to remove this dependency. If you retain a dependency on the old SHA-1 certificate, your application may no longer work as expected.