Summary

As described in Microsoft to use SHA-2 exclusively starting May 9, 2021, beginning May 9, 2021 at 4:00 PM Pacific Time, all major Microsoft processes and services—including TLS certificates, code signing and file hashing—will use the SHA-2 algorithm exclusively. 

How to verify your software is SHA-2 signed

Follow these steps to verify your applications are SHA-2 signed:

  1. Find the executable (EXE) file in File Explorer for the applications that you want to examine.

  2. Right-click the EXE file and select Properties.

  3. Select the Digital Signatures tab in the Properties dialog box.

  4. If your application is SHA-2 signed, you will see SHA256 in the Digest algorithm column in the Signature list section.

If your application is not SHA-2 signed, you might encounter issues or have to disable security warnings or security features to let the application run. We do not recommend this. Verify that you are using the latest version of your applications and if issues persist, contact the manufacturer.

How to tell if you are impacted by SHA-1 expiration

You may encounter warnings or errors when you try to install or use applications or drivers that are only SHA-1 signed.

Note We are currently not aware of any popular applications encountering the following issues. However, you might receive any of the following error messages.

Error message

Error occurs

Windows can’t verify the publisher of this driver software

When you are attempting to install a driver, you might be prompted with this warning from Windows Defender. You should have the following options:

  • Don’t install this driver software

  • Install this driver software anyway

This app has been blocked for your protection

Administrator has blocked you from running this app

When you are attempting to run an application and it gets blocked by Smart Screen because the signature is no longer valid and now lists Publisher: Unknown.  The application will not open.

This publisher has been blocked from running software on your machine

When attempting to open an application.

Generic trust failure

When attempting to install an application.

Invalid digital signature

When attempting to extract or install an application.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.