With Freshdesk’s emphasis on security and keeping it up-to-date, SAML SSO on Freshdesk now supports SHA256 certificates while the older SHA1 certificates are gradually being phased out.


Collision attacks against SHA-1 have become too affordable to consider it safe for the public web PKI. Hence top browsers like Chrome and Firefox have started phasing out support for SHA1 certificates. In order to keep our system top-notch and to better protect our customers, we are transitioning to using SHA256, and will phase out SHA1 certificates completely by June 1, 2017.


All Freshdesk admins who have configured SAML SSO on their helpdesks will be impacted by this change. Admins will need to make the transition to SHA256 by following the steps below:

  • Generate an SHA256 based fingerprint from One Login or your SSO provider.

  • Reach out to Freshdesk support to be guided through the transition. 

  • Once our support agent has contacted you, update the fingerprint in your helpdesk: Admin > Security > SAML SSO.

  • A support agent will enable the feature from our end and complete the process.


To know more about SHA1 deprecation, kindly go through the following links:


https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html


https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/


Note: The transition completion deadline will be June 1, 2017. Please note that if you don’t complete this by the 1st of June, your users will no longer be able to use SSO, to login to your support portal as we would be using SHA-256 instead of SHA1 fingerprint for verifying the certificates from our end.


With Freshdesk’s emphasis on security and keeping it up-to-date, SAML SSO on Freshdesk now supports SHA256 certificates while the older SHA1 certificates are gradually being phased out.


Collision attacks against SHA-1 have become too affordable to consider it safe for the public web PKI. Hence top browsers like Chrome and Firefox have started phasing out support for SHA1 certificates. In order to keep our system top-notch and to better protect our customers, we are transitioning to using SHA256, and will phase out SHA1 certificates completely by June 1, 2017.


All Freshdesk admins who have configured SAML SSO on their helpdesks will be impacted by this change. Admins will need to make the transition to SHA256 by following the steps below:

  • Generate an SHA256 based fingerprint from One Login or your SSO provider.

  • Reach out to Freshdesk support to be guided through the transition. 

  • Once our support agent has contacted you, update the fingerprint in your helpdesk: Admin > Security > SAML SSO.

  • A support agent will enable the feature from our end and complete the process.


To know more about SHA1 deprecation, kindly go through the following links:


https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html


https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/


Note: The transition completion deadline will be June 1, 2017. Please note that if you don’t complete this by the 1st of June, your users will no longer be able to use SSO, to login to your support portal as we would be using SHA-256 instead of SHA1 fingerprint for verifying the certificates from our end.