As SSL/TLS certificates are renewed, they should be signed using the SHA-2 hash function.

If Blackbaud NetCommunity and The Raiser's Edge are hosted by Blackbaud ('fully hosted'):  No action will be required.  Our Service Delivery Operations (SDO) group will replace affected certificates.

If Blackbaud NetCommunity is hosted by Blackbaud but does not host The Raiser's Edge ('split hosted'):  It will be necessary to replace the SSL/TLS server certificate and/or intermediate certificate in use on the Raier's Edge Web Service (REWS) server if they are signed using the SHA-1 hash function.  For more information and steps to do this, reach out to the issuer of the SSL/TLS certificate.  

If neither Blackbaud NetCommunity norThe Raiser's Edge are hosted by Blackbaud ('on-premise'):  It will be necessary to replace the SSL/TLS server certificate and/or intermediate certificate on the NetCommuntiy web server.  If, in your configuration, your Raiser's Edge Web Service (REWS) server is also accessable from the internet, it will be necessary to replace the SSL/TLS server certificate and/or intermediate certificate in use on the REWS server also.  For more information and steps to do this, reach out to the issuer of the SSL/TLS certificate.

To dermine if you are using an SHA-1 signed certificate, you can submit the URL to your webserver or REWS server to the SSL/TLS checker/tester of your choice.  Often, certificate issuers provide such a resource.  You'll want check the output for "Signature algorithm" or "Algorithm type."  If the "Signature algorithm" or "Algorithm type" starts with 'SHA-1' or 'SHA1' you'll want have that certificate replaced or reissued by the certificate issuer.


Examples of SSL testing tools (these are offered as examples only, there are many):
GeoTrust SSL tool
Symantec (Verisign) SSL Checker
Qualys SSL Lab



Information about SHA-2 from certificate issuers GoDaddy and Symantec:
Symantec:  SHA-1 Hash Algorithm Migration
GoDaddy:  Information About Requiring the SHA-2 Hash Function




For more information about the deprecation of the SHA-1 cryptographic algorithm see the following blog posts from Google and Microsoft:
Google:  Gradually sunsetting SHA-1
Microsoft:  SHA1 Deprecation Policy

Note: We provide links to third-party websites in an effort to help you resolve your issue. We are not responsible for the information on third-party websites, and we cannot assist with implementing resolutions from these websites.