May 16

Important Information Regarding Our Recent SSL Upgrade

On May 14, 2014 we upgraded our SSL certificate to use SHA-256, the most widely supported SHA-2 hashing algorithm. SHA-2 was developed by NIST (National Institute of Standards and Technology) to replace the aging SHA-1 hashing algorithm which may have mathematical weaknesses.

NIST has recommended that SHA-1 not be used for digital signature generation after December 31, 2013. Microsoft will cease trusting Code Signing Certificates using SHA-1 on January 1, 2016 and SSL Certificates using SHA-1 on January 1, 2017.

At this point, most browsers, applications and servers support SHA-256. However some older operating systems and devices do not (i.e. Windows XP without SP3). Also, some systems that support SHA-256 have not been updated to trust the new root certificates used to sign newer SHA-256 certificates.

As a result, a handful of CheddarGetter customers have experienced issues connecting to CheddarGetter’s API due to SSL verification errors. This can be resolved temporarily by ignoring verification, and permanently by updating you SSL library and/or installing the Go Daddy Root 2 certificate as a trusted certificate.

We are committed to providing the highest level of security and customer service possible. We believe to have resolved all known customer issues related to this matter. However, if you are experiencing any SSL verification issues please contact us immediately on our support forum.