Due to the deprecation of SHA-1 based SSL certificates, a few Certificate Authorities no longer issue SSL certs with SHA-1 root and are instead issuing SSL certs with SHA-2 root.This is problematic for currently managed IronKey devices in the field as they require to 'trust' trust a SHA-1 root Certificate authority.


If you' need to obtain or renew/ replace your Enterprise Server SSL certificate, contact one of the Certificate Authorities below and ask for "a SHA-2 SSL cert issued by SHA-1 root": This is required to ensure support for all managed device models.



SHA2 SSL certificate encryption support
:

- ALL versions of all IronKey devices (S100, S200, D200, S250, D250, S1000, W300, W500, W700, H300, H350).


SHA1 root* CA trust:

- ALL versions of all IronKey devices (S100, S200, D200, S250, D250, S1000, W300, W500, W700, H300, H350).


SHA2 root** CA trust:

- S250 v3.5.0.0 and higher

- D250 v3.5.0.0 and higher

- W500 v4.3.0.1 and higher (excluding 4.3.1.0)

- W700 v4.3.0.1 and higher (excluding 4.3.1.0)


(*) - Supported Certificate Authority:  BeTrusted, Aba.com, AddTrust, Baltimore, DST, Comodo, Entrust.net, GeoTrust, GlobalSign, GoDaddy, GTE, RSA Security Inc., Sonera, TC TrustCenter, Thawte, Valicert, VeriSign, Visa


(**) - Supported Certificate Authority:  BeTrusted, Aba.com, AddTrust, Baltimore, DST, Comodo, DigiCert, Entrust.net, GeoTrust, GlobalSign, GoDaddy, GTE, RSA Security Inc., Sonera, TC TrustCenter, Thawte, Valicert, VeriSign, Visa


Certificate Authorities issuing from trusted SHA-1 root as of Aug 2016:

----------------------------------------------------------------------

Comodo.com     - no planned SHA-1 root sunset

Entrust.net        - no planned SHA-1 root sunset

GeoTrust.com   - no planned SHA-1 root sunset

GlobalSign.com - no planned SHA-1 root sunset

Thawte.com     - no planned SHA-1 root sunset

VeriSign.com   - no planned SHA-1 root sunset

Sonera.com


GoDaddy and DigiCert no longer issues SSL certs from a SHA-1 root.