Jive is beginning the process of replacing the *.hosted.jivesoftware.com SSL certificate with a new certificate signed with the SHA-2 hashing algorithm. This new certificate will replace the current SHA-1 signed certificate, which is cryptographically weaker than SHA-2. Customers will benefit from improved security and be protected from any future weaknesses or vulnerabilities discovered in SHA-1.
Will my site be part of this transition?
Sites that are subdomains of 'hosted.jivesoftware.com' are covered by the wildcard SSL certificate that is being replaced. Your site will receive the updated SSL certificate if it has '(YOUR_SITE_NAME).hosted.jivesoftware.com' as the URL. Sites with custom vanity URLs are not affected by this change. These changes also do not impact Jive Cloud customers.
When will this change be made?
The change will be made on March 5th 2016 at 8pm PST.
Will there be site downtime?
The change takes place instantaneously and no disruption in service is expected.
Will end users be impacted?
Once your Jive community is upgraded to the new certificate, it can only be accessed by browsers which support SHA-2. Nearly all modern browsers (including all the browsers officially supported in Jive 6,7, and 8) support SHA-2, so the majority of users will not be affected. However, some users who still use legacy browsers or operating systems that do not support SHA-2 may no longer be able to access the site. Most notably, versions of Windows XP without service pack 3 do not support SHA-2. For a full compatibility matrix, please refer to SHA-2 Compatibility | DigiCert.com. Jive recommends that end users running unsupported software upgrade before the change is made. Community administrators may want to communicate this change to their site's end users as well.
How can I verify my site is using a SHA-2 certificate?
Most browsers offer the ability to view SSL certificate information by clicking the icon to the left of "https" in the URL bar. The signature portion of the certificate shows the signing algorithm used, which will indicate "SHA-256" once your site is transitioned. Sites can also easily be checked using a third party tool such ashttps://shachecker.com/.
My site has a vanity URL and does not have a SHA-2 certificate. How can I get a SHA-2 certificate?
You will need a new Certificate Signing Request (CSR). Please open a support case in the Jive Community for assistance with this process.