Symantec SHA-1 Private SSL Logo

SHA-1 SSL certificate using Symantec's Private CA technology…

Secure128 in coordination with Symantec is now offering a SHA-1 SSL certificate utilizing Private CA hierarchies (VeriSign PCA3-G1/G2 Root CA's) which allows you to support legacy devices or systems (such as Citrix Gateway) that require a SHA-1 certificate. Please note that SHA-1 SSL certificates issued from these hierarchies are not designed to work with modern browsers.

Supports only registered domains & Public IP's     Supports SHA-1 (beyond 2017)     Secures legacy device and application communication

Buy or Renew a SHA-1 SSL certificate with Symantec Private CA

Available only with Secure128

 1 Year USD 30 day money back guarantee

Symantec Private CA Hierarchy Properties


  • Checked OffSymantec SHA-1 Private SSL is a Business Organization Validated Certificate
  • Checked OffDoes not support non-FQDNs, internal server names, or private domains
  • Checked OffVeriSign PCA3-G2 and Verisign PCA3-G1 roots only
  • Checked OffSupports 2048bit key length only
  • Checked OffOnly supports public IP addresses (no private IP addresses)
  • Checked OffRequires organization authentication & domain authorization/ownership
  • Checked OffFree reissues during validity period
  • Checked OffSupports SHA-1 beyond 1/1/2017 (limited to 1 year term)
  • Checked OffAvaliable as SHA-1 full chain & SHA- mixed chain
  • Checked OffSupports only RSA encryption algorithm (Not DSA and ECC)

Browser warnings with SHA1 certificate Private CA

Please note that SSL certificates issued off of these hierarchies are not designed to work with modern browers. Using them with modern browsers could pose a security risk. Modern browsers will regard these certificates as untrusted.

Wildcard SSL
Private CA Hierarchies

In order to comply with CA/Browser Forum requirements, Symantec stopped issuing SHA-1 signed SSL/TLS certificates as of January 1, 2016. Additionally, over the past year Symantec has repeatedly encouraged SHA-1 customers to migrate to SHA-256 (SHA-2) to better secure websites, intranet communications, and applications.

However for customers who run old legacy systems, the migration to SHA-2 can sometimes be very tricky and require extensive upgrades. Issuing any SSL/TLS certificate off of the Private CA hierarchies (VeriSign PCA3-G1/G2 Root CA) will allow you and your customers to support legacy devices and/or systems that require a SHA-1 certificate.

Validation Requirements for SSL

Validation Requirements

Symantec SHA-1 Private SSL is an Organization Validated SSL Certificate. Organization Validated SSL Certificates are issued by verification of the following supporting documents:

  • Checked OffOrganization legal business registration with state or regional government entity
  • Checked OffDomain Registration ownership details
  • Checked OffPhone number listing in a public online directory
  • Checked OffAverage issuance time is 3-4 business days


For a detailed description on how to get an Organization Validated SSL Certificate issued, Please CLICK HERE.

Certificate Installation & CSR Tools


The Certificate Signing Request (CSR) is a small, encrypted text file. The CSR contains information about your organization and the domain you wish to secure. A CSR is what you give to a Certification Authority to generate your SSL certificate. It is an essential part of obtaining an SSL certificate.

CSR Checker

Protect Your Business & Customer Data

with SSL Certificates from the most recognized brands on the web. We can help you get started on securing your entire network from vulnerabilities & cyber attacks today.


Where You Can Find Us?

Secure128
12460 Crabapple Road Suite 202-320
Alpharetta, GA 30004, US
Phone: 770-783-2610


Secure128 Headquarters, Roswell GA