Hi,
We’d like to inform you of a Google infrastructure change that may impact your applications, unless you upgrade your SSL client to one that supports SHA-256. If you do not use the Google Maps APIs over SSL (HTTPS), you can stop reading now¹.
As announced in September 2014 on the Google Online Security blog, we are progressively sunsetting the use of the SHA-1 signing algorithm in the SSL certificates used by Google servers.
This update is currently in progress: some Google servers have moved to 100% SHA-256. It is expected that Google servers will serve a majority of SHA-256 certificates in the coming weeks.
Your applications may be impacted by this change if your HTTPS clients do not support SHA-256.
Get ready for the change!
You can check that your clients are ready for SHA-256 by making an HTTPS call, from your application’s networking stack, to:
https://cert-test.sandbox.google.com
This domain only answers with SHA-256 certificates.
You can anticipate issues by checking online which SSL clients support SHA-256.
If you are having issues…
If your client does not support SHA-256, you may receive errors like “corrupt SSL certificate”, “Unknown SSL error”. In that case, you can confirm that you are hitting a SHA-256 server by:
getting the IP that you are connecting to (e.g. with a ping, or DNS resolution, from your server)
issuing an openssl command like:
$ openssl s_client -connect [IP that you are connecting to]:443 < /dev/null 2>/dev/null | openssl x509 -text | grep "Signature Algorithm"
Expected result:
If a SHA-256 certificate is served:
Signature Algorithm: sha256WithRSAEncryption
If a SHA-1 certificate is served:
Signature Algorithm: sha1WithRSAEncryption
If you think that SHA-256 certificates are causing the issue, please contact your HTTPS client provider and upgrade to a version that supports SHA-256.
If you have any questions related to this change, please take a look at the support channels available.
Thanks,
The Google Maps API support team
¹ If you aren't using HTTPS to connect to the Google web service APIs, you should review this video to understand why it is important, and review how to configure HTTPS correctly