Is anyone familiar with where to get certificates for SHA3?
The answer to your question is probably: nowhere.
As far as I can tell, only SHA-2 (SHA-256/SHA-384/SHA-512) is allowed according to the CA/Browser Forum Baseline Requirements. See sections 7.1.3.2.1 and 7.1.3.2.2 for the details.
5 Likes
Hi @jay_vandervoort and welcome to the LE community forum 
@Osiris, Not even via openssl or smallstep or some other non global CA system?
Here the term "get" can also be read as "make"
I don't read globally trusted in the question.
@jay_vandervoort must the cert be globally trusted?
1 Like
I interpreted it as "get a cert from a publicly trusted CA".
Also, OpenSSL can perfectly generate SHA3 certs:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -sha3-256 -keyout sha3test-privkey.pem -out sha3test-cert.pem
Just use any of the possible -sha3-* digest options. See openssl dgst -list | grep sha3 for all options on your system.
4 Likes
Although it may seem implied, I try to keep to what is written.
That was my first "go to".
1 Like
I try to read anything ambiguous in the context/purpose of this Community, which is mainly about publicly trusted certificates to enable HTTPS for all websites on the (public) world wide web.
Also, the thread is opened in Issuance Policy 
2 Likes
Thank you for the welcome and incredibly fast response. I have experience in OpenSSL and do appreciate the suggestion, however, we're looking for certificates provided by a CA. It does seem like there's nothing available and appreciate the feedback and additional insights.
2 Likes
I would welcome SHA3 with open arms; And I'm also waiting for OpenSSL v2.0
But I don't think 
will be putting either under my 
this year.
[maybe next year will yield more of these types of advances 
]
Cheers from Miami 
#FreeCUBA 
FYI [to all]:
https://www.openssl.org/policies/roadmap.html
Last modified 20th December 2017
1 Like
there is no openssl v2.0. they skipped it.
After 1.1.1 they released openssl 3.0 a few weeks ago.
3 Likes
I lack sleep - LOL
came early this year!
3 Likes
While new options wouldn't hurt I think, the current industry standpoint seems to be that it's not necessary (which is debatable). Keccak (SHA-3) is a great algorithm, however because there are currently no significant weaknesses* known for the SHA-2 family (there are some - let's say suboptimal - things in SHA-2 though). Hence the current view is that SHA-3 "is not meant to replace SHA-2" (from Wikipedia). It's more of a "have this thing in the toolset in case of emergency" case. The current state is that many current protocols (e.g TLSv1.3 or SSH-2) do not implement SHA-3 and/or have no immediate plans to implement them either, even though SHA-3 has been around for a while now. There's just no(t enough) pressure to do anything right now.
*This is debatable, as it depends on your classification of "significant weakness".
However, because of slow migration from SHA-1 to SHA-2 in the past, I think having more widespread support for SHA-3 would ease up a switch, if/when a migration from SHA-2 to Keccak becomes necessary. But I think before you can talk about this with the BR people, you need library, protocol and hardware support first. OpenSSL already has SHA-3, but there's much more than just OpenSSL out there.
SHA-3 also isn't that fast in software, so hardware support would be a really cool thing. But it takes a lot of time until that hardware reaches most consumers (or datacenters). I don't even have SHA(-2) extensions in my current CPU 
.
5 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.